CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 Mitigation Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:secheron:sepcos_control_and_protection_relay:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 9.4
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 - Mitigation, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 - Mitigation, Third Party Advisory, US Government Resource

Information

Published : 2022-06-24 15:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-2102

Mitre link : CVE-2022-2102

CVE.ORG link : CVE-2022-2102


JSON object : View

Products Affected

secheron

  • sepcos_control_and_protection_relay_firmware
  • sepcos_control_and_protection_relay
CWE
CWE-841

Improper Enforcement of Behavioral Workflow

CWE-434

Unrestricted Upload of File with Dangerous Type