Approved changes feed: RSS · Atom

cpe:2.3:h:ecoa:riskbuster:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorEcoa (9b3505e1-e942-58fa-a951-d0e6cb7e6512)
ProductRiskbuster (66365935-ad0c-5795-b8f3-83e7311296bb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2021-41302 not_vulnerable 2026-06-08 05:35:20.181565 ECOA BAS controller - Missing Encryption of Sensitive Data
HIGH (7.3)
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s privilege.
Published: 2021-09-30T10:41:08.156Z
Updated: 2024-09-16T20:21:36.719Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41300 not_vulnerable 2026-06-08 05:35:20.165410 ECOA BAS controller - Insufficiently Protected Credentials-2
CRITICAL (9.8)
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full functionality.
Published: 2021-09-30T10:41:05.097Z
Updated: 2024-09-16T23:41:00.205Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41299 not_vulnerable 2026-06-08 05:35:20.157835 ECOA BAS controller - Use of Hard-coded Credentials
CRITICAL (9.8)
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in.
Published: 2021-09-30T10:41:03.577Z
Updated: 2024-09-16T17:22:44.543Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41298 not_vulnerable 2026-06-08 05:35:20.157137 ECOA BAS controller - Improper Access Control
HIGH (8.8)
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden resources in the system and execute privileged functionalities.
Published: 2021-09-30T10:41:02.047Z
Updated: 2024-09-16T20:16:40.291Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41297 not_vulnerable 2026-06-08 05:35:20.156428 ECOA BAS controller - Insufficiently Protected Credentials-1
HIGH (8.8)
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
Published: 2021-09-30T10:41:00.486Z
Updated: 2024-09-16T20:22:39.752Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41296 not_vulnerable 2026-06-08 05:35:20.155539 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41295 not_vulnerable 2026-06-08 05:35:20.154497 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41294 not_vulnerable 2026-06-08 05:35:20.153558 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41293 not_vulnerable 2026-06-08 05:35:20.152941 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41292 not_vulnerable 2026-06-08 05:35:20.152000 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41291 not_vulnerable 2026-06-08 05:35:20.151238 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41290 not_vulnerable 2026-06-08 05:35:20.149479 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.