Vulnerability Description
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secheron | Sepcos Control And Protection Relay Firmware | >= 1.23.0, < 1.23.21 |
| Secheron | Sepcos Control And Protection Relay | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03MitigationThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2022-2102?
CVE-2022-2102 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code...
How severe is CVE-2022-2102?
CVE-2022-2102 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-2102?
Check the references section above for vendor advisories and patch information. Affected products include: Secheron Sepcos Control And Protection Relay Firmware, Secheron Sepcos Control And Protection Relay.