CVE-2023-5754 – Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
https://notcve.org/view.php?id=CVE-2023-5754
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks, allowing an attacker to gain full control of the system. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2023-0897 – Session Fixation in Sielco PolyEco1000
https://notcve.org/view.php?id=CVE-2023-0897
Sielco PolyEco1000 is vulnerable to session hijacking because the cookie is vulnerable to a brute force attack, SSL is not used, and the session is visible in requests. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07 • CWE-384: Session Fixation