Overview
- Description
- Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:secheron:sepcos_control_and_protection_relay:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6354633F-ABAA-4263-B497-276B25052B3E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D957E1A9-E7FC-47AA-9AF3-9BAEC4566543",
"versionEndExcluding": "1.23.21",
"versionStartIncluding": "1.23.0"
},
{
"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "358E9B5A-E507-4B36-8193-B53017588312",
"versionEndExcluding": "1.24.8",
"versionStartIncluding": "1.24.0"
},
{
"criteria": "cpe:2.3:o:secheron:sepcos_control_and_protection_relay_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5495904A-D4A0-4FB4-9DCC-B146EB6C9374",
"versionEndExcluding": "1.25.3",
"versionStartIncluding": "1.25.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]