Vulnerabilities > Ecoa

DATE CVE VULNERABILITY TITLE RISK
2021-09-30 CVE-2021-41290 Path Traversal vulnerability in Ecoa products
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability.
network
low complexity
ecoa CWE-22
critical
9.8
2021-09-30 CVE-2021-41291 Path Traversal vulnerability in Ecoa products
ECOA BAS controller suffers from a path traversal content disclosure vulnerability.
network
low complexity
ecoa CWE-22
7.5
2021-09-30 CVE-2021-41292 Improper Authentication vulnerability in Ecoa products
ECOA BAS controller suffers from an authentication bypass vulnerability.
network
low complexity
ecoa CWE-287
critical
9.1
2021-09-30 CVE-2021-41293 Path Traversal vulnerability in Ecoa products
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure.
network
low complexity
ecoa CWE-22
7.5
2021-09-30 CVE-2021-41294 Path Traversal vulnerability in Ecoa products
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion.
network
low complexity
ecoa CWE-22
critical
9.1
2021-09-30 CVE-2021-41295 Cross-Site Request Forgery (CSRF) vulnerability in Ecoa products
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.
network
low complexity
ecoa CWE-352
8.8
2021-09-30 CVE-2021-41296 Weak Password Requirements vulnerability in Ecoa products
ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
network
low complexity
ecoa CWE-521
critical
9.8
2021-09-30 CVE-2021-41297 Insufficiently Protected Credentials vulnerability in Ecoa products
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
network
low complexity
ecoa CWE-522
8.8
2021-09-30 CVE-2021-41298 Authorization Bypass Through User-Controlled Key vulnerability in Ecoa products
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input.
network
low complexity
ecoa CWE-639
8.8
2021-09-30 CVE-2021-41299 Use of Hard-coded Credentials vulnerability in Ecoa products
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
network
low complexity
ecoa CWE-798
critical
9.8