CVE-2022-2105
Published: 24 June 2022
Summary
CVE-2022-2105 is a critical-severity Improper Enforcement of Behavioral Workflow (CWE-841) vulnerability in Secheron Sepcos Control And Protection Relay Firmware. Its CVSS base score is 9.4 (Critical).
Operationally, it is ranked at the 42.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34393
Vulnerability details
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
- CWE(s): CWE-841 (Improper Enforcement of Behavioral Workflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.