CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-32005 – SiteManager Log View XSS Issue
https://notcve.org/view.php?id=CVE-2021-32005
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. Una vulnerabilidad de tipo cross-site Scripting (XSS) en la visualización de registro de Secomea SiteManager permite a un usuario que ha iniciado sesión almacenar javascript para su posterior ejecución. Este problema afecta a: Secomea SiteManager versión 9.6.621421014 y todas las versiones anteriores • https://www.secomea.com/support/cybersecurity-advisory/#5017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32003 – Configuration service port remains open 10 minutes after reboot even when already provisioned
https://notcve.org/view.php?id=CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de Transporte Desprotegido de Credenciales en el servicio de aprovisionamiento de SiteManager, permite a un atacante local capturar credenciales si el servicio es usado después del aprovisionamiento. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-522: Insufficiently Protected Credentials CWE-523: Unprotected Transport of Credentials •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32002 – SiteManager troubleshooter allows access without authentication from local network
https://notcve.org/view.php?id=CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. Una vulnerabilidad de control de acceso inapropiado en el servicio web de Secomea SiteManager permite a un atacante local sin credenciales recopilar información de red y configuración del SiteManager. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.5 en Hardware • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-29020 – Reject Remote Management via Cellular UPLINK2
https://notcve.org/view.php?id=CVE-2020-29020
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. Una vulnerabilidad de Control de Acceso Inapropiado en el servicio web de Secomea SiteManager, permite a un atacante remoto acceder a la interfaz de usuario web desde Internet usando las credenciales configuradas. Este problema afecta a: Secomea SiteManager Todas las versiones anteriores a 9.4.620527004 en hardware • https://www.secomea.com/support/cybersecurity-advisory/#3217 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2020-29027 – Reflected Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-29027
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la GUI de Secomea SiteManager, podría permitir a un atacante causar un ataque de tipo XSS. Este problema afecta: Secomea SiteManager todas las versiones anteriores a 9.3 • https://www.secomea.com/support/cybersecurity-advisory/#3042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •