SielcoCVEs & Vulnerabilities

11 CVEs affecting Sielco products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

polyeco1000 firmware 28polyeco300 firmware 21radio link rtx19 16polyeco500 firmware 14radio link exc19 8analog fm transmitter exc1600gx 8analog fm transmitter exc5000gx 8polyeco300 7
CVE-2023-46665CRITICAL

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.

27 Oct 2023
9.8
CVSS
CVE-2023-46664CRITICAL

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

27 Oct 2023
9.1
CVSS
CVE-2023-46663HIGH

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.

27 Oct 2023
8.1
CVSS
CVE-2023-5754CRITICAL

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

26 Oct 2023
9.8
CVSS
CVE-2023-46662HIGH

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.

26 Oct 2023
7.5
CVSS
CVE-2023-46661CRITICAL

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.

26 Oct 2023
9.8
CVSS
CVE-2023-0897CRITICAL

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.

26 Oct 2023
9.8
CVSS
CVE-2023-45317HIGH

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

26 Oct 2023
8.8
CVSS
CVE-2023-45228MEDIUM

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

26 Oct 2023
6.5
CVSS
CVE-2023-42769CRITICAL

The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.

26 Oct 2023
9.8
CVSS
CVE-2023-41966HIGH

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

26 Oct 2023
8.8
CVSS
← PrevPage 1 / 1Next →