Vulnerabilities > Secomea > Sitemanager 1149 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-04-19 CVE-2022-38125 Unspecified vulnerability in Secomea products
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
local
low complexity
secomea
5.5
5.5
2022-12-13 CVE-2022-38124 Improper Privilege Management vulnerability in Secomea products
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
network
low complexity
secomea CWE-269
6.5
6.5
2022-05-04 CVE-2021-32010 Inadequate Encryption Strength vulnerability in Secomea products
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks.
network
high complexity
secomea CWE-326
8.1
8.1
2022-05-04 CVE-2022-25784 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting.
network
low complexity
secomea CWE-79
4.8
4.8
2022-05-04 CVE-2022-25785 Out-of-bounds Write vulnerability in Secomea products
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution.
network
low complexity
secomea CWE-787
7.2
7.2
2022-03-10 CVE-2021-32005 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution.
network
low complexity
secomea CWE-79
5.4
5.4
2021-02-16 CVE-2020-29027 Cross-site Scripting vulnerability in Secomea products
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack.
network
low complexity
secomea CWE-79
5.4
5.4