Riskbuster Firmware Security Vulnerabilities and Issues — Riskbuster Firmware CVE List

Lucene search

EcoaRiskbuster Firmware

3 matches found

CVE•added 2021/09/30 11:15 a.m.•50 views

CVE-2021-41297

ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.

8.8CVSS8.8AI score0.00168EPSS

CVE•added 2021/09/30 11:15 a.m.•42 views

CVE-2021-41295

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

8.8CVSS8.9AI score0.00116EPSS

CVE•added 2021/09/30 11:15 a.m.•42 views

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden r...

8.8CVSS8.8AI score0.00233EPSS