CVE Published: 24/06/2022 |
CVE Updated: 16/09/2024 |
CVE Year: 2022 Source: icscert |
Vendor: Secheron |
Product: SEPCOS Control and Protection Relay firmware package Status : PUBLISHED
CVE-2022-2105 Description
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
Metrics
CVSS Version: 3.1 |
Base Score: 9.4 CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H