Description
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Scores
CVSS v3
8.8
EPSS
0.0008
EPSS Percentile
23.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-384
Status
published
Products (9)
sielco/polyeco1000_firmware
1.9.3
sielco/polyeco1000_firmware
1.9.4
sielco/polyeco1000_firmware
2.0.6
sielco/polyeco1000_firmware
10.19
sielco/polyeco300_firmware
2.0.0
sielco/polyeco300_firmware
2.0.2
sielco/polyeco300_firmware
10.19
sielco/polyeco500_firmware
1.7.0
sielco/polyeco500_firmware
10.16
Published
Oct 26, 2023
Tracked Since
Feb 18, 2026