Search criteria
6 vulnerabilities found for sitemanager_1529_firmware by secomea
FKIE_CVE-2022-38125
Vulnerability from fkie_nvd - Published: 2023-04-19 12:15 - Updated: 2025-02-05 15:15
Severity ?
2.9 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17034D9B-EEC0-47C4-B262-C8699DCF31CE",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3825-9C8E-43EF-A2DC-F0B06694CCCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5483EDAF-69C3-4E09-9F12-B9E2775CB4D5",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D26BFEA-056C-4760-8D10-A0DF3677DAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36890A42-2A12-4637-8593-1D0DE0402B41",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F7D37-729C-4969-9661-C933C9F16980",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D8982B-1087-4C69-8773-998509A9C58C",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7D7926-A5F5-46A1-A6B7-3C99130FA609",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E54B3F5-30F2-4360-BBD9-4A21AEB78151",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF64F7DA-FD12-4231-B792-EF8F79B587CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2DF889-5E8C-4183-AFC8-098355C3704E",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABE08F2-C6D0-4CA3-99F4-0654653E7BF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4EFF13-B933-40F8-957D-5AA71AF0CC95",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402344EC-DDE3-452B-BDD7-63E1DE7EB030",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "854722A1-8028-4819-BF3E-645875E372B2",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5848F390-7F56-44ED-9267-38CA1971DE01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5126CFB4-1AA2-4663-9AB1-EBC101DC9F1C",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04157541-64E2-4D44-8101-8BC9972283D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9586E608-B8C6-4531-AA5C-4CEE23290607",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060DA5EF-B6FE-4E02-B0A5-EAAF5CF5AC35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7AA2FA-06B5-433A-BE7C-7E3B28838333",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*",
"matchCriteriaId": "856E0FE1-D1FD-47A3-8DE0-A12F6FBD60E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540F8642-361E-461D-A082-CAB4500BA25B",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29BFC1D6-82B6-4E20-BBFB-63F33373D78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"id": "CVE-2022-38125",
"lastModified": "2025-02-05T15:15:15.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-19T12:15:07.610",
"references": [
{
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-923"
}
],
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-923"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-38124
Vulnerability from fkie_nvd - Published: 2022-12-13 14:15 - Updated: 2024-11-21 07:15
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB646D2-225E-4579-A38C-12C86578C4FA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29BFC1D6-82B6-4E20-BBFB-63F33373D78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8524A9-3DFE-4631-AAB1-32562F36F275",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABE08F2-C6D0-4CA3-99F4-0654653E7BF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEE2505-C9E9-4820-95A1-97F1C11EEBEA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04157541-64E2-4D44-8101-8BC9972283D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDB6569-AC7C-485C-AE08-0AB327B0FB9D",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F7D37-729C-4969-9661-C933C9F16980",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5E5520-93F0-4A55-B0E2-2EB24551F8C0",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*",
"matchCriteriaId": "856E0FE1-D1FD-47A3-8DE0-A12F6FBD60E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986022D5-B335-4E74-AEF5-A8147FDB31B0",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF64F7DA-FD12-4231-B792-EF8F79B587CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4935E34D-7B75-4362-81BF-1BC455D23BEC",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5848F390-7F56-44ED-9267-38CA1971DE01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEE5350-A868-480E-9751-7446F985B963",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D26BFEA-056C-4760-8D10-A0DF3677DAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50125628-E81B-4A56-9794-BDD9BDB6CDBD",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060DA5EF-B6FE-4E02-B0A5-EAAF5CF5AC35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DBA6309-D9AE-49CB-9FFD-7C4FBFA333AA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7D7926-A5F5-46A1-A6B7-3C99130FA609",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6772A0C6-E11E-4157-BE84-01A00CA90487",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402344EC-DDE3-452B-BDD7-63E1DE7EB030",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F26498CC-1921-4A7C-B0E0-626D2681F890",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3825-9C8E-43EF-A2DC-F0B06694CCCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
},
{
"lang": "es",
"value": "La herramienta de depuraci\u00f3n en Secomea SiteManager permite al administrador conectado modificar el estado del sistema de manera no deseada."
}
],
"id": "CVE-2022-38124",
"lastModified": "2024-11-21T07:15:50.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T14:15:09.947",
"references": [
{
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-267"
}
],
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-38125 (GCVE-0-2022-38125)
Vulnerability from cvelistv5 – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
VLAI?
Title
FTP Agent forwards traffic on inactive ports to LinkManager
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Severity ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
5.0 , ≤ 10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:59:41.569876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:00:42.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FTP Agent"
],
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-19T11:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T11:58:14.508Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FTP Agent forwards traffic on inactive ports to LinkManager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38125",
"datePublished": "2023-04-19T11:58:14.508Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-02-05T15:00:42.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38124 (GCVE-0-2022-38124)
Vulnerability from cvelistv5 – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
VLAI?
Title
Unwanted debug tool
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
Severity ?
5.7 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
0 , ≤ 10.0.622425017
("custom")
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:28:06.181233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:28:20.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0.622425017",
"status": "affected",
"version": "0",
"versionType": "\"custom\""
}
]
}
],
"datePublic": "2022-12-12T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Test APIs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T13:06:17.021Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"defect": [
"RD-6294"
],
"discovery": "EXTERNAL"
},
"title": "Unwanted debug tool",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38124",
"datePublished": "2022-12-13T13:06:17.021Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-04-18T15:28:20.215Z",
"requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38125 (GCVE-0-2022-38125)
Vulnerability from nvd – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
VLAI?
Title
FTP Agent forwards traffic on inactive ports to LinkManager
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Severity ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
5.0 , ≤ 10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:59:41.569876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:00:42.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FTP Agent"
],
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-19T11:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T11:58:14.508Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FTP Agent forwards traffic on inactive ports to LinkManager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38125",
"datePublished": "2023-04-19T11:58:14.508Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-02-05T15:00:42.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38124 (GCVE-0-2022-38124)
Vulnerability from nvd – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
VLAI?
Title
Unwanted debug tool
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
Severity ?
5.7 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
0 , ≤ 10.0.622425017
("custom")
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:28:06.181233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:28:20.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0.622425017",
"status": "affected",
"version": "0",
"versionType": "\"custom\""
}
]
}
],
"datePublic": "2022-12-12T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Test APIs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T13:06:17.021Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"defect": [
"RD-6294"
],
"discovery": "EXTERNAL"
},
"title": "Unwanted debug tool",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38124",
"datePublished": "2022-12-13T13:06:17.021Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-04-18T15:28:20.215Z",
"requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}