secom 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection and パス処理の欠陥 などに関し、一部は vendor impact data exposure を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-7732 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | [email protected] | 9.8 | 0.94% | 2024-08-14 | 2026-06-17 |
| CVE-2024-7731 | Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents. | [email protected] | 9.8 | 0.83% | 2024-08-14 | 2026-06-17 |
| CVE-2022-26671 | Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service. | [email protected] | 7.3 | 0.91% | 2022-04-07 | 2026-06-17 |
| CVE-2021-35962 | Specific page parameters in Dr. ID Door Access Control and Personnel Attendance Management system does not filter special characters. Remote attackers can apply Path Traversal means to download credential files from the system without permission. | [email protected] | 7.5 | 1.78% | 2021-07-16 | 2026-06-17 |
| CVE-2021-35961 | Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | [email protected] | 9.8 | 2.19% | 2021-07-16 | 2026-06-17 |
| CVE-2020-3935 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers. | [email protected] | 7.5 | 0.93% | 2020-02-11 | 2026-06-17 |
| CVE-2020-3934 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. | [email protected] | 9.8 | 1.39% | 2020-02-11 | 2026-06-17 |
| CVE-2020-3933 | TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and exam user account in the system. | [email protected] | 5.3 | 1.24% | 2020-02-11 | 2026-06-17 |