CVE-2022-1666
published 2022-06-24CVE-2022-1666: The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely…
PriorityP338medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.72%
49.4th percentile
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| secheron | sepcos_control_and_protection_relay_firmware | >= 1.23.0 < 1.23.21 | 1.23.21 |
| secheron | sepcos_control_and_protection_relay_firmware | >= 1.24.0 < 1.24.8 | 1.24.8 |
| secheron | sepcos_control_and_protection_relay_firmware | >= 1.25.0 < 1.25.3 | 1.25.3 |
| secheron | sepcos_control_and_protection_relay_firmware_package | >= All versions < 1.23.21 | 1.23.21 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3v6j-9mf5-wv3f: The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using
ghsa_unreviewed·2022-06-25
CVE-2022-1666 [MEDIUM] CWE-522 GHSA-3v6j-9mf5-wv3f: The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.
CISA ICS
Secheron SEPCOS Control and Protection Relay
cisa_ics·2022-06-23
Secheron SEPCOS Control and Protection Relay
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Secheron SEPCOS Control and Protection Relay
Last RevisedJune 23, 2022
Alert CodeICSA-22-174-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Secheron
- Equipment: SEPCOS Control and Protection Relay
- Vulnerabilities: Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management, Insufficiently Protected Credentials, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain full, root acc
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-24
Published