Vulnerabilities > Sielco > Polyeco300 Firmware > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-26 | CVE-2023-46665 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an authentication bypass in which an attacker modifies passwords in a POST request and gains unauthorized access to the affected device with administrative privileges. | 9.8 |
2023-10-26 | CVE-2023-46664 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. | 9.1 |
2023-10-26 | CVE-2023-5754 | Improper Restriction of Excessive Authentication Attempts vulnerability in Sielco products. Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system. | 9.8 |
2023-10-26 | CVE-2023-46661 | Unspecified vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | 9.8 |
2023-10-26 | CVE-2023-0897 | Session Fixation vulnerability in Sielco products. Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, the lack of SSL, and the session being visible in requests. | 9.8 |