Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

sitemanager

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2021-32003
Assigner-Secomea A/S
ShareView Details
Assigner-Secomea A/S
CVSS Score-8||HIGH
EPSS-0.04% / 11.79%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:33
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration service port remains open 10 minutes after reboot even when already provisioned

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Action-Not Available
Vendor-Secomea A/S
Product-sitemanager_firmwaresitemanagerSiteManager
CWE ID-CWE-523
Unprotected Transport of Credentials
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-32002
Assigner-Secomea A/S
ShareView Details
Assigner-Secomea A/S
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:33
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiteManager troubleshooter allows access without authentication from local network

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.

Action-Not Available
Vendor-Secomea A/S
Product-sitemanager_firmwaresitemanagerSiteManager
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2020-29020
Assigner-Secomea A/S
ShareView Details
Assigner-Secomea A/S
CVSS Score-9.1||CRITICAL
EPSS-0.66% / 70.31%
||
7 Day CHG~0.00%
Published-05 Mar, 2021 | 19:12
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reject Remote Management via Cellular UPLINK2

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

Action-Not Available
Vendor-Secomea A/S
Product-sitemanager_firmwaresitemanagerSiteManager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-11642
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.7||HIGH
EPSS-0.31% / 53.43%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 14:58
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiteManager Denial of Service via Local File Inclusion Vulnerability

The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-sitemanagerSiteManager
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2020-11641
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-7.7||HIGH
EPSS-0.22% / 45.04%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 14:58
Updated-17 Sep, 2024 | 04:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiteManager Local File Inclusion Vulnerability

A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-sitemanagerSiteManager
CWE ID-CWE-552
Files or Directories Accessible to External Parties