Vulnerabilites related to secomea - sitemanager_firmware
CVE-2021-32003 (GCVE-0-2021-32003)
Vulnerability from cvelistv5
Published
2021-08-05 20:33
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-523 - Unprotected Transport of Credentials
Summary
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Secomea | SiteManager |
Version: All < 9.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:27.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Hardware" ], "product": "SiteManager", "vendor": "Secomea", "versions": [ { "lessThan": "9.5", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-523", "description": "CWE-523 Unprotected Transport of Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:33:30", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "source": { "defect": [ "RD-3777" ], "discovery": "INTERNAL" }, "title": "Configuration service port remains open 10 minutes after reboot even when already provisioned", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32003", "STATE": "PUBLIC", "TITLE": "Configuration service port remains open 10 minutes after reboot even when already provisioned" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SiteManager", "version": { "version_data": [ { "platform": "Hardware", "version_affected": "\u003c", "version_name": "All", "version_value": "9.5" } ] } } ] }, "vendor_name": "Secomea" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-523 Unprotected Transport of Credentials" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.secomea.com/support/cybersecurity-advisory", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory" } ] }, "source": { "defect": [ "RD-3777" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2021-32003", "datePublished": "2021-08-05T20:33:30", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2024-08-03T23:17:27.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32002 (GCVE-0-2021-32002)
Vulnerability from cvelistv5
Published
2021-08-05 20:33
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Secomea | SiteManager |
Version: All < 9.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:27.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Hardware" ], "product": "SiteManager", "vendor": "Secomea", "versions": [ { "lessThan": "9.5", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-05T20:33:27", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "source": { "defect": [ "RD-3776" ], "discovery": "INTERNAL" }, "title": "SiteManager troubleshooter allows access without authentication from local network ", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "VulnerabilityReporting@secomea.com", "ID": "CVE-2021-32002", "STATE": "PUBLIC", "TITLE": "SiteManager troubleshooter allows access without authentication from local network " }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SiteManager", "version": { "version_data": [ { "platform": "Hardware", "version_affected": "\u003c", "version_name": "All", "version_value": "9.5" } ] } } ] }, "vendor_name": "Secomea" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] }, { "description": [ { "lang": "eng", "value": "CWE-200 Information Exposure" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.secomea.com/support/cybersecurity-advisory", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory" } ] }, "source": { "defect": [ "RD-3776" ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2021-32002", "datePublished": "2021-08-05T20:33:27", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2024-08-03T23:17:27.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-29020 (GCVE-0-2020-29020)
Vulnerability from cvelistv5
Published
2021-03-05 19:12
Modified
2024-09-16 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
References
► | URL | Tags | |||
---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Secomea | SiteManager |
Version: All < 9.4.620527004 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:00.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Hardware" ], "product": "SiteManager", "vendor": "Secomea", "versions": [ { "lessThan": "9.4.620527004", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "TR electronic se" } ], "datePublic": "2021-03-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-05T19:12:30", "orgId": "f2815942-3388-4c08-ba09-6c15850fda90", "shortName": "Secomea" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217" } ], "source": { "defect": [ "RD-3217" ], "discovery": "EXTERNAL" }, "title": "Reject Remote Management via Cellular UPLINK2", "workarounds": [ { "lang": "en", "value": "Configure Uplink (WAN) to disable management via Uplink" } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "VulnerabilityReporting@secomea.com", "DATE_PUBLIC": "2021-03-04T22:00:00.000Z", "ID": "CVE-2020-29020", "STATE": "PUBLIC", "TITLE": "Reject Remote Management via Cellular UPLINK2" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SiteManager", "version": { "version_data": [ { "platform": "Hardware", "version_affected": "\u003c", "version_name": "All", "version_value": "9.4.620527004" } ] } } ] }, "vendor_name": "Secomea" } ] } }, "credit": [ { "lang": "eng", "value": "TR electronic se" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.secomea.com/support/cybersecurity-advisory/#3217", "refsource": "MISC", "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217" } ] }, "source": { "defect": [ "RD-3217" ], "discovery": "EXTERNAL" }, "work_around": [ { "lang": "en", "value": "Configure Uplink (WAN) to disable management via Uplink" } ] } } }, "cveMetadata": { "assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90", "assignerShortName": "Secomea", "cveId": "CVE-2020-29020", "datePublished": "2021-03-05T19:12:30.259586Z", "dateReserved": "2020-11-24T00:00:00", "dateUpdated": "2024-09-16T18:55:36.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2021-03-05 21:15
Modified
2024-11-21 05:23
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
secomea | sitemanager_firmware | * | |
secomea | sitemanager | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:secomea:sitemanager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEE45259-4860-4F8C-BC4B-AA5B45FE8CD9", "versionEndExcluding": "9.4.620527004", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:secomea:sitemanager:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE66B6-F0A6-4172-8795-48A6DF6A61E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware." }, { "lang": "es", "value": "Una vulnerabilidad de Control de Acceso Inapropiado en el servicio web de Secomea SiteManager, permite a un atacante remoto acceder a la interfaz de usuario web desde Internet usando las credenciales configuradas.\u0026#xa0;Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.4.620527004 en hardware" } ], "id": "CVE-2020-29020", "lastModified": "2024-11-21T05:23:31.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-05T21:15:12.420", "references": [ { "source": "VulnerabilityReporting@secomea.com", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory/#3217" } ], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 06:06
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
secomea | sitemanager_firmware | * | |
secomea | sitemanager | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:secomea:sitemanager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1C871A-C158-49A3-B912-14615562068D", "versionEndExcluding": "9.5.621256022", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:secomea:sitemanager:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE66B6-F0A6-4172-8795-48A6DF6A61E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." }, { "lang": "es", "value": "Una vulnerabilidad de control de acceso inapropiado en el servicio web de Secomea SiteManager permite a un atacante local sin credenciales recopilar informaci\u00f3n de red y configuraci\u00f3n del SiteManager. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware" } ], "id": "CVE-2021-32002", "lastModified": "2024-11-21T06:06:41.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-05T21:15:11.970", "references": [ { "source": "VulnerabilityReporting@secomea.com", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-284" } ], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-05 21:15
Modified
2024-11-21 06:06
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
secomea | sitemanager_firmware | * | |
secomea | sitemanager | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:secomea:sitemanager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A1C871A-C158-49A3-B912-14615562068D", "versionEndExcluding": "9.5.621256022", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:secomea:sitemanager:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE66B6-F0A6-4172-8795-48A6DF6A61E9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware." }, { "lang": "es", "value": "Una vulnerabilidad de Transporte Desprotegido de Credenciales en el servicio de aprovisionamiento de SiteManager, permite a un atacante local capturar credenciales si el servicio es usado despu\u00e9s del aprovisionamiento. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware" } ], "id": "CVE-2021-32003", "lastModified": "2024-11-21T06:06:41.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-05T21:15:12.053", "references": [ { "source": "VulnerabilityReporting@secomea.com", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.secomea.com/support/cybersecurity-advisory" } ], "sourceIdentifier": "VulnerabilityReporting@secomea.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-523" } ], "source": "VulnerabilityReporting@secomea.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }