Search criteria
6 vulnerabilities found for sitemanager_1549_firmware by secomea
FKIE_CVE-2022-38125
Vulnerability from fkie_nvd - Published: 2023-04-19 12:15 - Updated: 2025-02-05 15:15
Severity ?
2.9 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17034D9B-EEC0-47C4-B262-C8699DCF31CE",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3825-9C8E-43EF-A2DC-F0B06694CCCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5483EDAF-69C3-4E09-9F12-B9E2775CB4D5",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D26BFEA-056C-4760-8D10-A0DF3677DAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36890A42-2A12-4637-8593-1D0DE0402B41",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F7D37-729C-4969-9661-C933C9F16980",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66D8982B-1087-4C69-8773-998509A9C58C",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7D7926-A5F5-46A1-A6B7-3C99130FA609",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E54B3F5-30F2-4360-BBD9-4A21AEB78151",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF64F7DA-FD12-4231-B792-EF8F79B587CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2DF889-5E8C-4183-AFC8-098355C3704E",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABE08F2-C6D0-4CA3-99F4-0654653E7BF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4EFF13-B933-40F8-957D-5AA71AF0CC95",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402344EC-DDE3-452B-BDD7-63E1DE7EB030",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "854722A1-8028-4819-BF3E-645875E372B2",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5848F390-7F56-44ED-9267-38CA1971DE01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5126CFB4-1AA2-4663-9AB1-EBC101DC9F1C",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04157541-64E2-4D44-8101-8BC9972283D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9586E608-B8C6-4531-AA5C-4CEE23290607",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060DA5EF-B6FE-4E02-B0A5-EAAF5CF5AC35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7AA2FA-06B5-433A-BE7C-7E3B28838333",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*",
"matchCriteriaId": "856E0FE1-D1FD-47A3-8DE0-A12F6FBD60E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "540F8642-361E-461D-A082-CAB4500BA25B",
"versionEndExcluding": "10.0.622465022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29BFC1D6-82B6-4E20-BBFB-63F33373D78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"id": "CVE-2022-38125",
"lastModified": "2025-02-05T15:15:15.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-19T12:15:07.610",
"references": [
{
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-923"
}
],
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-923"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-38124
Vulnerability from fkie_nvd - Published: 2022-12-13 14:15 - Updated: 2024-11-21 07:15
Severity ?
5.7 (Medium) - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1129_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBB646D2-225E-4579-A38C-12C86578C4FA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1129:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29BFC1D6-82B6-4E20-BBFB-63F33373D78B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3329_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8524A9-3DFE-4631-AAB1-32562F36F275",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3329:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ABE08F2-C6D0-4CA3-99F4-0654653E7BF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEE2505-C9E9-4820-95A1-97F1C11EEBEA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04157541-64E2-4D44-8101-8BC9972283D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3529_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDB6569-AC7C-485C-AE08-0AB327B0FB9D",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F7D37-729C-4969-9661-C933C9F16980",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1139_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5E5520-93F0-4A55-B0E2-2EB24551F8C0",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1139:-:*:*:*:*:*:*:*",
"matchCriteriaId": "856E0FE1-D1FD-47A3-8DE0-A12F6FBD60E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3339_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "986022D5-B335-4E74-AEF5-A8147FDB31B0",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3339:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF64F7DA-FD12-4231-B792-EF8F79B587CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4935E34D-7B75-4362-81BF-1BC455D23BEC",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5848F390-7F56-44ED-9267-38CA1971DE01",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3539_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEE5350-A868-480E-9751-7446F985B963",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3539:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D26BFEA-056C-4760-8D10-A0DF3677DAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1149_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50125628-E81B-4A56-9794-BDD9BDB6CDBD",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1149:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060DA5EF-B6FE-4E02-B0A5-EAAF5CF5AC35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3349_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DBA6309-D9AE-49CB-9FFD-7C4FBFA333AA",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3349:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7D7926-A5F5-46A1-A6B7-3C99130FA609",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_1549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6772A0C6-E11E-4157-BE84-01A00CA90487",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_1549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402344EC-DDE3-452B-BDD7-63E1DE7EB030",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secomea:sitemanager_3549_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F26498CC-1921-4A7C-B0E0-626D2681F890",
"versionEndExcluding": "10.0.622425017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secomea:sitemanager_3549:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3825-9C8E-43EF-A2DC-F0B06694CCCD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
},
{
"lang": "es",
"value": "La herramienta de depuraci\u00f3n en Secomea SiteManager permite al administrador conectado modificar el estado del sistema de manera no deseada."
}
],
"id": "CVE-2022-38124",
"lastModified": "2024-11-21T07:15:50.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-13T14:15:09.947",
"references": [
{
"source": "VulnerabilityReporting@secomea.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"sourceIdentifier": "VulnerabilityReporting@secomea.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-267"
}
],
"source": "VulnerabilityReporting@secomea.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-38125 (GCVE-0-2022-38125)
Vulnerability from cvelistv5 – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
VLAI?
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Severity ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
5.0 , ≤ 10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:59:41.569876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:00:42.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FTP Agent"
],
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-19T11:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T11:58:14.508Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FTP Agent forwards traffic on inactive ports to LinkManager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38125",
"datePublished": "2023-04-19T11:58:14.508Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-02-05T15:00:42.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38124 (GCVE-0-2022-38124)
Vulnerability from cvelistv5 – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
VLAI?
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
Severity ?
5.7 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
0 , ≤ 10.0.622425017
("custom")
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:28:06.181233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:28:20.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0.622425017",
"status": "affected",
"version": "0",
"versionType": "\"custom\""
}
]
}
],
"datePublic": "2022-12-12T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Test APIs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T13:06:17.021Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"defect": [
"RD-6294"
],
"discovery": "EXTERNAL"
},
"title": "Unwanted debug tool",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38124",
"datePublished": "2022-12-13T13:06:17.021Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-04-18T15:28:20.215Z",
"requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38125 (GCVE-0-2022-38125)
Vulnerability from nvd – Published: 2023-04-19 11:58 – Updated: 2025-02-05 15:00
VLAI?
Summary
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client.
Severity ?
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
5.0 , ≤ 10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:59:41.569876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:00:42.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"FTP Agent"
],
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-19T11:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"value": "Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T11:58:14.508Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FTP Agent forwards traffic on inactive ports to LinkManager",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38125",
"datePublished": "2023-04-19T11:58:14.508Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-02-05T15:00:42.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38124 (GCVE-0-2022-38124)
Vulnerability from nvd – Published: 2022-12-13 13:06 – Updated: 2025-04-18 15:28
VLAI?
Summary
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
Severity ?
5.7 (Medium)
CWE
- CWE-267 - Privilege Defined With Unsafe Actions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Secomea | SiteManager |
Affected:
0 , ≤ 10.0.622425017
("custom")
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:28:06.181233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T15:28:20.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThanOrEqual": "10.0.622425017",
"status": "affected",
"version": "0",
"versionType": "\"custom\""
}
]
}
],
"datePublic": "2022-12-12T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"value": "Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Test APIs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T13:06:17.021Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"defect": [
"RD-6294"
],
"discovery": "EXTERNAL"
},
"title": "Unwanted debug tool",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-38124",
"datePublished": "2022-12-13T13:06:17.021Z",
"dateReserved": "2022-08-10T09:46:05.634Z",
"dateUpdated": "2025-04-18T15:28:20.215Z",
"requesterUserId": "44bd1e71-3702-434c-b36b-c1ac3bb0bab6",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}