go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

ECOA BAS controller - Insufficiently Protected Credentials-1

TVN ID TVN-202109013
CVE ID CVE-2021-41297
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products ECOA ECS Router Controller - ECS (FLASH)
ECOA RiskBuster Terminator - E6L45
ECOA RiskBuster System - RB 3.0.0
ECOA RiskBuster System - TRANE 1.0
ECOA Graphic Control Software
ECOA SmartHome II - E9246
ECOA RiskTerminator
Description ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text.
Solution Contact tech support from ECOA.
Credit Gjoko Krstic(Zero Science Lab)
Public Date 2021-09-30
Top