CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2021-32010 – Clients may connect to a GateManager with TLS 1.0
https://notcve.org/view.php?id=CVE-2021-32010
Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. Una vulnerabilidad de la fuerza de encriptación inapropiada en la pila TLS de Secomea SiteManager, LinkManager y GateManager puede facilitar ataques de tipo man in the middle. • https://www.secomea.com/support/cybersecurity-advisory • CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-32005 – SiteManager Log View XSS Issue
https://notcve.org/view.php?id=CVE-2021-32005
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. Una vulnerabilidad de tipo cross-site Scripting (XSS) en la visualización de registro de Secomea SiteManager permite a un usuario que ha iniciado sesión almacenar javascript para su posterior ejecución. Este problema afecta a: Secomea SiteManager versión 9.6.621421014 y todas las versiones anteriores • https://www.secomea.com/support/cybersecurity-advisory/#5017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32003 – Configuration service port remains open 10 minutes after reboot even when already provisioned
https://notcve.org/view.php?id=CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de Transporte Desprotegido de Credenciales en el servicio de aprovisionamiento de SiteManager, permite a un atacante local capturar credenciales si el servicio es usado después del aprovisionamiento. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32002 – SiteManager troubleshooter allows access without authentication from local network
https://notcve.org/view.php?id=CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de control de acceso inapropiado en el servicio web de Secomea SiteManager permite a un atacante local sin credenciales recopilar información de red y configuración del SiteManager. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29020 – Reject Remote Management via Cellular UPLINK2
https://notcve.org/view.php?id=CVE-2020-29020
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Una vulnerabilidad de Control de Acceso Inapropiado en el servicio web de Secomea SiteManager, permite a un atacante remoto acceder a la interfaz de usuario web desde Internet usando las credenciales configuradas. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.4.620527004 en hardware • https://www.secomea.com/support/cybersecurity-advisory/#3217 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •