Balakrishna Subramoney

**Name of the Vulnerable Software and Affected Versions** SEPCOS Single Package versions (affected versions not specified) **Description** The issue is related to insecure privilege management in the SEPCOS Single Package software. It allows a remote attacker to elevate their privileges. The `www-data` account, used by the Apache web server, is configured to run `sudo` with no password for many commands, including `/bin/sh` and `/bin/bash`. **Recommendations** For SEPCOS Single Package, restrict the use of the `sudo` command for the `www-data` account to minimize the risk of exploitation. As a temporary workaround, consider disabling the ability of the `www-data` account to run commands like `/bin/sh` and `/bin/bash` until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Secheron SEPCOS Single Package relay control and protection software (affected versions not specified) **Description** The issue is related to the incorrect implementation of a sequence of actions in the software. This could allow a remote attacker to change user credentials and permissions without authentication. The attacker may also gain access to a "root" user level, which is meant only for the vendor, and modify safety-critical parameters through web server root level access. **Recommendations** As a temporary workaround, consider disabling remote access to the software until a patch is available. Restrict access to the web server root level to minimize the risk of exploitation. Avoid using the software for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SEPCOS Single Package versions (affected versions not specified) **Description** The issue is related to inadequate access control, allowing an attacker with weak credentials to access sensitive files and write to remotely executable directories via an open FTP port. This could enable a remote attacker to read confidential files and write to directories that can be executed remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SEPCOS Single Package (affected versions not specified) **Description** The issue is related to the bypassing of controls that limit uploads to certain file extensions. This could allow an attacker to intercept and modify the initial file upload page response, enabling arbitrary file upload into locations where PHP scripts may be executed. The vulnerability may also be related to the incorrect implementation of the sequence of actions in the SEPCOS Single Package firmware upload handler, potentially allowing a remote attacker to upload arbitrary files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software name or versions are mentioned in the provided descriptions. **Description** The issue is related to weak default root user credentials, which allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. This can be exploited by attackers to gain elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Secheron SEPCOS Single Package relay control and protection software (affected versions not specified) **Description** The issue is related to the incorrect implementation of a sequence of actions in the software. It allows a remote attacker to reboot the device by running a JS function or loading a corresponding PHP script. This can be achieved by directly running a JS function to reboot the PLC, for example, from the browser console, or by loading the browser-accessible PHP script. **Recommendations** As a temporary workaround, consider disabling the JS function that allows rebooting the device until a patch is available. Restrict access to the PHP script that can reboot the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software name or versions are mentioned in the provided descriptions. **Description** The issue concerns a weak default password for a root user, specifically a vendor's private account, which uses an MD5 hash. This weakness can be exploited using a widely available open-source tool to crack the password. Additionally, there's a mention of insufficient protection of registration data in some software, potentially allowing a remote attacker to disclose protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.