Critical severity9.4NVD Advisory· Published Jun 24, 2022· Updated Jun 17, 2026
CVE-2022-2105
CVE-2022-2105
Description
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
Affected products
2- Secheron/SEPCOS Control and Protection Relay firmware packagev5Range: All versions
Patches
Vulnerability mechanics
References
1- www.cisa.gov/uscert/ics/advisories/icsa-22-174-03nvdMitigationThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.