Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sepcos_control_and_protection_relay_firmware | Secheron | 1.23.0 (including) | 1.23.21 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.24.0 (including) | 1.24.8 (excluding) |
Sepcos_control_and_protection_relay_firmware | Secheron | 1.25.0 (including) | 1.25.3 (excluding) |