Vulnerabilities > Secheron > Sepcos Control AND Protection Relay Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2022-2105 | Unspecified vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. | 9.1 |
| 2022-06-24 | CVE-2022-2104 | Unspecified vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | 9.8 |
| 2022-06-24 | CVE-2022-2103 | Insufficiently Protected Credentials vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | 9.1 |
| 2022-06-24 | CVE-2022-1668 | Weak Password Requirements vulnerability in Secheron Sepcos Control and Protection Relay Firmware 1.23.0/1.24.0/1.25.0 Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. | 9.8 |