Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for sitemanager_1529_firmware by secomea

    CVE-2022-38125 (GCVE-0-2022-38125)

    Vulnerability from nvd – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
    VLAI
    Title
    FTP Agent forwards traffic on inactive ports to LinkManager
    Summary
    Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: 5.0 , ≤ 10.0 (custom)
    Create a notification for this product.
    Date Public
    2023-04-19 11:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:59:41.569876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-923",
                    "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T15:00:42.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "FTP Agent"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThanOrEqual": "10.0",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-04-19T11:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
                }
              ],
              "value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-22",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-22 Exploiting Trust in Client"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T11:58:14.508Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FTP Agent forwards traffic on inactive ports to LinkManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-38125",
        "datePublished": "2023-04-19T11:58:14.508Z",
        "dateReserved": "2022-08-10T09:46:05.634Z",
        "dateUpdated": "2025-02-05T15:00:42.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38124 (GCVE-0-2022-38124)

    Vulnerability from nvd – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
    VLAI
    Title
    Unwanted debug tool
    Summary
    Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-267 - Privilege Defined With Unsafe Actions
    Assigner
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: 0 , ≤ 10.0.622425017 ("custom")
    Create a notification for this product.
    Date Public
    2022-12-12 23:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T15:28:06.181233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T15:28:20.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.622425017",
                  "status": "affected",
                  "version": "0",
                  "versionType": "\"custom\""
                }
              ]
            }
          ],
          "datePublic": "2022-12-12T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
                }
              ],
              "value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-121 Exploit Test APIs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-267",
                  "description": "CWE-267 Privilege Defined With Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T13:06:17.021Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-6294"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unwanted debug tool",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-38124",
        "datePublished": "2022-12-13T13:06:17.021Z",
        "dateReserved": "2022-08-10T09:46:05.634Z",
        "dateUpdated": "2025-04-18T15:28:20.215Z",
        "requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38125 (GCVE-0-2022-38125)

    Vulnerability from cvelistv5 – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
    VLAI
    Title
    FTP Agent forwards traffic on inactive ports to LinkManager
    Summary
    Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: 5.0 , ≤ 10.0 (custom)
    Create a notification for this product.
    Date Public
    2023-04-19 11:58
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T14:59:41.569876Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-923",
                    "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T15:00:42.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "FTP Agent"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThanOrEqual": "10.0",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-04-19T11:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
                }
              ],
              "value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-22",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-22 Exploiting Trust in Client"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-19T11:58:14.508Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "FTP Agent forwards traffic on inactive ports to LinkManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-38125",
        "datePublished": "2023-04-19T11:58:14.508Z",
        "dateReserved": "2022-08-10T09:46:05.634Z",
        "dateUpdated": "2025-02-05T15:00:42.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38124 (GCVE-0-2022-38124)

    Vulnerability from cvelistv5 – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
    VLAI
    Title
    Unwanted debug tool
    Summary
    Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-267 - Privilege Defined With Unsafe Actions
    Assigner
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: 0 , ≤ 10.0.622425017 ("custom")
    Create a notification for this product.
    Date Public
    2022-12-12 23:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38124",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-18T15:28:06.181233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-18T15:28:20.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThanOrEqual": "10.0.622425017",
                  "status": "affected",
                  "version": "0",
                  "versionType": "\"custom\""
                }
              ]
            }
          ],
          "datePublic": "2022-12-12T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
                }
              ],
              "value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-121",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-121 Exploit Test APIs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-267",
                  "description": "CWE-267 Privilege Defined With Unsafe Actions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T13:06:17.021Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "url": "https://www.secomea.com/support/cybersecurity-advisory/"
            }
          ],
          "source": {
            "defect": [
              "RD-6294"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Unwanted debug tool",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2022-38124",
        "datePublished": "2022-12-13T13:06:17.021Z",
        "dateReserved": "2022-08-10T09:46:05.634Z",
        "dateUpdated": "2025-04-18T15:28:20.215Z",
        "requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }