The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sepcos_control_and_protection_relay_firmware | Secheron | 1.23.0 (including) | 1.23.21 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.24.0 (including) | 1.24.8 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.25.0 (including) | 1.25.3 (excluding) |