PT-2022-3478 · Secheron · Sepcos Control/Protection Relay Firmware Package+2

Anthony Candarini

Published

2022-05-10

Updated

2022-07-05

CVE-2022-1668

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions No specific software name or versions are mentioned in the provided descriptions.

Description The issue is related to weak default root user credentials, which allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. This can be exploited by attackers to gain elevated privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

BDU:2022-04257

CVE-2022-1668

Affected Products

Sepcos Control/Protection Relay Firmware Package

Sepcos Single Package

Sepcos Control/Protection Relay Firmware

PT-2022-3478 · Secheron · Sepcos Control/Protection Relay Firmware Package+2

CVE-2022-1668

Weakness Enumeration

Related Identifiers

Affected Products

References · 9