Vulnerabilities > Sielco
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-26 | CVE-2023-46663 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. | 8.1 |
2023-10-26 | CVE-2023-46664 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. | 9.1 |
2023-10-26 | CVE-2023-46665 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gaining unauthorized access to the affected device with administrative privileges. | 9.8 |
2023-10-26 | CVE-2023-0897 | Session Fixation vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. | 9.8 |
2023-10-26 | CVE-2023-46661 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | 9.8 |
2023-10-26 | CVE-2023-46662 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. | 7.5 |
2023-10-26 | CVE-2023-5754 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products. Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system. | 9.8 |
2023-10-26 | CVE-2023-41966 | Improper Privilege Management vulnerability in Sielco products. The application suffers from a privilege escalation vulnerability. | 8.8 |
2023-10-26 | CVE-2023-42769 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products. The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | 9.8 |
2023-10-26 | CVE-2023-45228 | Unspecified vulnerability in Sielco products. The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. | 6.5 |