Vulnerabilities > CVE-2020-29020 - Incorrect Authorization vulnerability in Secomea Sitemanager Firmware

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

secomea

CWE-863

NVD

Published: 2021-03-05

Updated: 2021-03-12

Summary

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

Vulnerable Configurations

Part	Description	Count
OS	Secomea Secomea Sitemanager Firmware -	1
Hardware	Secomea Secomea Sitemanager -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.secomea.com/support/cybersecurity-advisory/#3217