CVE-2020-29020
CRITICALSecomea SiteManager < 9.4.620527004 - Improper Access Control in Web Service
Title source: llmDescription
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.secomea.com/support/cybersecurity-advisory/#3217
Scores
CVSS v3
9.1
EPSS
0.0174
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-284
CWE-863
Status
published
Products (1)
secomea/sitemanager_firmware
< 9.4.620527004
Published
Mar 05, 2021
Tracked Since
Feb 18, 2026