Sielco Polyeco500 Firmware 1.7.0 CPU Edition

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:o:sielco:polyeco500_firmware:1.7.0:*:*:*:cpu:*:*:*

part: o version: 1.7.0 update: *

VendorSielco (a8a62961-1802-5665-af0e-9c7645696d18)
ProductPolyeco500 Firmware (a4a4906d-f8fa-5d47-8157-bb9a7224f05a)
Edition*
Language*
Software editioncpu
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-5754 vulnerable 2026-06-03 14:53:49.536063 Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000
CRITICAL (9.1)
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.
Published: 2023-10-26T19:47:06.226Z
Updated: 2025-01-16T21:27:38.467Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46665 vulnerable 2026-06-03 14:53:10.308856 Improper Access Control in Sielco PolyEco1000
CRITICAL (9.8)
Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.
Published: 2023-10-26T20:08:22.908Z
Updated: 2025-01-16T21:26:57.648Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46664 vulnerable 2026-06-03 14:53:10.308191 Improper Access Control in Sielco PolyEco1000
HIGH (7.5)
Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.
Published: 2023-10-26T20:04:33.638Z
Updated: 2025-01-16T21:27:05.860Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46663 vulnerable 2026-06-03 14:53:10.307347 Improper Access Control in Sielco PolyEco1000
HIGH (7.5)
Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.
Published: 2023-10-26T20:02:24.004Z
Updated: 2025-01-16T21:27:13.130Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46662 vulnerable 2026-06-03 14:53:10.306659 Improper Access Control in Sielco PolyEco1000
HIGH (7.5)
Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.
Published: 2023-10-26T20:00:05.085Z
Updated: 2025-01-16T21:27:22.856Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-46661 vulnerable 2026-06-03 14:53:10.299846 Improper Access Control in Sielco PolyEco1000
CRITICAL (9.8)
Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.
Published: 2023-10-26T19:57:12.046Z
Updated: 2025-01-16T21:27:31.395Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0897 vulnerable 2026-06-03 14:48:53.260143 Session FIxation in Sielco PolyEco1000
HIGH (8.8)
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.
Published: 2023-10-26T19:44:01.703Z
Updated: 2025-01-16T21:27:45.701Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.