sielco CVE 脆弱性と CVE 一覧(11)

製品(CPE): — CVE 件数: 11

sielco 脆弱性概要

sielco 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk csrf などに関し、一部は vendor impact information disclosure を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 111 / 11 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-46665 Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. [email protected] 9.8 0.65% 2023-10-26 2026-06-17
CVE-2023-46664 Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages. [email protected] 7.5 0.50% 2023-10-26 2026-06-17
CVE-2023-46663 Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. [email protected] 7.5 0.44% 2023-10-26 2026-06-17
CVE-2023-5754 Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. [email protected] 9.1 0.49% 2023-10-26 2026-06-17
CVE-2023-46662 Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. [email protected] 7.5 0.58% 2023-10-26 2026-06-17
CVE-2023-46661 Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. [email protected] 9.8 0.54% 2023-10-26 2026-06-17
CVE-2023-0897 Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. [email protected] 8.8 0.47% 2023-10-26 2026-06-17
CVE-2023-45317 The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. [email protected] 8.8 0.24% 2023-10-26 2026-06-17
CVE-2023-45228 The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. [email protected] 6.5 0.36% 2023-10-26 2026-06-17
CVE-2023-42769 The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. [email protected] 9.8 0.79% 2023-10-26 2026-06-17
CVE-2023-41966 The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter. [email protected] 6.5 0.60% 2023-10-26 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence