cbcvebase.

Sielco Polyeco1000 vulnerabilities

7 known vulnerabilities affecting sielco/polyeco1000.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH2

Vulnerabilities

Page 1 of 1
CVE-2023-46665P2CRITICALCVSS 9.8vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-46665 [CRITICAL] CWE-284 CVE-2023-46665: Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to a Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
nvd
CVE-2023-5754P3CRITICALCVSS 9.8vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-5754 [CRITICAL] CWE-307 CVE-2023-5754: Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily gue Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
nvd
CVE-2023-46664P3CRITICALCVSS 9.1vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-46664 [CRITICAL] CWE-284 CVE-2023-46664: Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the a Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
nvd
CVE-2023-46661P3CRITICALCVSS 9.8vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-46661 [CRITICAL] CWE-284 CVE-2023-46661: Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
nvd
CVE-2023-46663P3HIGHCVSS 8.1vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-46663 [HIGH] CWE-284 CVE-2023-46663: Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resou Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
nvd
CVE-2023-46662P3HIGHCVSS 7.5vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-46662 [HIGH] CWE-284 CVE-2023-46662: Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper acc Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
nvd
CVE-2023-0897P3CRITICALCVSS 9.8vCPU:2.0.6 FPGA:10.19vCPU:1.9.4 FPGA:10.19+4 more2023-10-26
CVE-2023-0897 [CRITICAL] CWE-384 CVE-2023-0897: Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerab Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
nvd
Sielco Polyeco1000 vulnerabilities | cvebase