Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for sitemanager_firmware by secomea

    CVE-2021-32003 (GCVE-0-2021-32003)

    Vulnerability from nvd – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17
    VLAI
    Title
    Configuration service port remains open 10 minutes after reboot even when already provisioned
    Summary
    Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
    CWE
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.5",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523 Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:33:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory"
            }
          ],
          "source": {
            "defect": [
              "RD-3777"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Configuration service port remains open 10 minutes after reboot even when already provisioned",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32003",
              "STATE": "PUBLIC",
              "TITLE": "Configuration service port remains open 10 minutes after reboot even when already provisioned"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-523 Unprotected Transport of Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3777"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32003",
        "datePublished": "2021-08-05T20:33:30.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:27.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32002 (GCVE-0-2021-32002)

    Vulnerability from nvd – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17
    VLAI
    Title
    SiteManager troubleshooter allows access without authentication from local network
    Summary
    Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.5",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:33:27.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory"
            }
          ],
          "source": {
            "defect": [
              "RD-3776"
            ],
            "discovery": "INTERNAL"
          },
          "title": "SiteManager troubleshooter allows access without authentication from local network",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32002",
              "STATE": "PUBLIC",
              "TITLE": "SiteManager troubleshooter allows access without authentication from local network"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3776"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32002",
        "datePublished": "2021-08-05T20:33:27.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:27.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29020 (GCVE-0-2020-29020)

    Vulnerability from nvd – Published: 2021-03-05 19:12 – Updated: 2024-09-16 18:55
    VLAI
    Title
    Reject Remote Management via Cellular UPLINK2
    Summary
    Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.4.620527004 (custom)
    Create a notification for this product.
    Date Public
    2021-03-04 00:00
    Credits
    TR electronic se
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:00.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.4.620527004",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TR electronic se"
            }
          ],
          "datePublic": "2021-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T19:12:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
            }
          ],
          "source": {
            "defect": [
              "RD-3217"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Reject Remote Management via Cellular UPLINK2",
          "workarounds": [
            {
              "lang": "en",
              "value": "Configure Uplink (WAN) to disable management via Uplink"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-03-04T22:00:00.000Z",
              "ID": "CVE-2020-29020",
              "STATE": "PUBLIC",
              "TITLE": "Reject Remote Management via Cellular UPLINK2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.4.620527004"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TR electronic se"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#3217",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3217"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Configure Uplink (WAN) to disable management via Uplink"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29020",
        "datePublished": "2021-03-05T19:12:30.259Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:36.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32003 (GCVE-0-2021-32003)

    Vulnerability from cvelistv5 – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17
    VLAI
    Title
    Configuration service port remains open 10 minutes after reboot even when already provisioned
    Summary
    Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
    CWE
    • CWE-523 - Unprotected Transport of Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.5",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-523",
                  "description": "CWE-523 Unprotected Transport of Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:33:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory"
            }
          ],
          "source": {
            "defect": [
              "RD-3777"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Configuration service port remains open 10 minutes after reboot even when already provisioned",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32003",
              "STATE": "PUBLIC",
              "TITLE": "Configuration service port remains open 10 minutes after reboot even when already provisioned"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-523 Unprotected Transport of Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3777"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32003",
        "datePublished": "2021-08-05T20:33:30.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:27.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-32002 (GCVE-0-2021-32002)

    Vulnerability from cvelistv5 – Published: 2021-08-05 20:33 – Updated: 2024-08-03 23:17
    VLAI
    Title
    SiteManager troubleshooter allows access without authentication from local network
    Summary
    Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.5 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:17:27.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.5",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-05T20:33:27.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory"
            }
          ],
          "source": {
            "defect": [
              "RD-3776"
            ],
            "discovery": "INTERNAL"
          },
          "title": "SiteManager troubleshooter allows access without authentication from local network",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "ID": "CVE-2021-32002",
              "STATE": "PUBLIC",
              "TITLE": "SiteManager troubleshooter allows access without authentication from local network"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                },
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3776"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2021-32002",
        "datePublished": "2021-08-05T20:33:27.000Z",
        "dateReserved": "2021-05-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:17:27.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-29020 (GCVE-0-2020-29020)

    Vulnerability from cvelistv5 – Published: 2021-03-05 19:12 – Updated: 2024-09-16 18:55
    VLAI
    Title
    Reject Remote Management via Cellular UPLINK2
    Summary
    Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Secomea SiteManager Affected: All , < 9.4.620527004 (custom)
    Create a notification for this product.
    Date Public
    2021-03-04 00:00
    Credits
    TR electronic se
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:48:00.791Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Hardware"
              ],
              "product": "SiteManager",
              "vendor": "Secomea",
              "versions": [
                {
                  "lessThan": "9.4.620527004",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "TR electronic se"
            }
          ],
          "datePublic": "2021-03-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-05T19:12:30.000Z",
            "orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
            "shortName": "Secomea"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
            }
          ],
          "source": {
            "defect": [
              "RD-3217"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Reject Remote Management via Cellular UPLINK2",
          "workarounds": [
            {
              "lang": "en",
              "value": "Configure Uplink (WAN) to disable management via Uplink"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "VulnerabilityReporting@secomea.com",
              "DATE_PUBLIC": "2021-03-04T22:00:00.000Z",
              "ID": "CVE-2020-29020",
              "STATE": "PUBLIC",
              "TITLE": "Reject Remote Management via Cellular UPLINK2"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SiteManager",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Hardware",
                                "version_affected": "\u003c",
                                "version_name": "All",
                                "version_value": "9.4.620527004"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Secomea"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "TR electronic se"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.secomea.com/support/cybersecurity-advisory/#3217",
                  "refsource": "MISC",
                  "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217"
                }
              ]
            },
            "source": {
              "defect": [
                "RD-3217"
              ],
              "discovery": "EXTERNAL"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Configure Uplink (WAN) to disable management via Uplink"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
        "assignerShortName": "Secomea",
        "cveId": "CVE-2020-29020",
        "datePublished": "2021-03-05T19:12:30.259Z",
        "dateReserved": "2020-11-24T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:55:36.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }