CVE-2022-38124
CVSS 3.1 base score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.2 / Impact: 5.2
Source: NVD
Description
Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner.
Affected (12)
Products: Secomea: Sitemanager 1129 Firmware, Sitemanager 3329 Firmware, Sitemanager 1529 Firmware, Sitemanager 3529 Firmware, Sitemanager 1139 Firmware, Sitemanager 3339 Firmware, Sitemanager 1539 Firmware, Sitemanager 3539 Firmware, Sitemanager 1149 Firmware, Sitemanager 3349 Firmware, Sitemanager 1549 Firmware, Sitemanager 3549 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1129 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3329 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1529 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3529 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1139 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3339 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1539 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3539 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1149 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3349 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 1549 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.0.622425017 |

| Running on/with | Platform Versions |
|---|---|
| Secomea Sitemanager 3549 | All versions |
Related CWEs
CWE-267
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
References (2)
Source: VulnerabilityReporting@secomea.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory