CVE-2021-32003 – Configuration service port remains open 10 minutes after reboot even when already provisioned
https://notcve.org/view.php?id=CVE-2021-32003
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. • https://www.secomea.com/support/cybersecurity-advisory • CWE-522: Insufficiently Protected Credentials • CWE-523: Unprotected Transport of Credentials
CVE-2021-32002 – SiteManager troubleshooter allows access without authentication from local network
https://notcve.org/view.php?id=CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. • https://www.secomea.com/support/cybersecurity-advisory • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
CVE-2020-29020 – Reject Remote Management via Cellular UPLINK2
https://notcve.org/view.php?id=CVE-2020-29020
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. • https://www.secomea.com/support/cybersecurity-advisory/#3217 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization