CVE-2021-32010— Clients may connect to a GateManager with TLS 1.0

CVSS 5.6 · Medium EPSS 0.10% · P28 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-32010

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Clients may connect to a GateManager with TLS 1.0

Source: NVD (National Vulnerability Database)

Vulnerability Description

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

不充分的加密强度

Source: NVD (National Vulnerability Database)

Vulnerability Title

Secomea 多款产品加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Secomea GateManager和Secomea SiteManager都是丹麦Secomea公司的产品。GateManager是一款远程访问服务器产品。Secomea SiteManager是一个应用软件。提供一个工业设备远程维护功能。 Secomea SiteManager、LinkManager、GateManager 9.7 版本之前 TLS stack 存在安全漏洞，该漏洞源于加密强度不足。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Secomea	SiteManager	All ~ 9.7	-
Secomea	LinkManager	unspecified ~ 9.7	-
Secomea	GateManager	unspecified ~ 9.7	-

II. Public POCs for CVE-2021-32010

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-32010

请登录查看更多情报信息。

Same Patch Batch · Secomea · 2022-05-04 · 11 CVEs total

CVE-2022-25784	9.1 CRITICAL	User controllable HTML element attribute (potential XSS)
CVE-2022-25787	7.5 HIGH	GTA URLs issued by LMM WEB API may leak information
CVE-2022-25785	6.6 MEDIUM	Buffer overrun
CVE-2022-25782	5.4 MEDIUM	Insufficient privilege checks on object access and updates.
CVE-2022-25786	4.9 MEDIUM	GateManager debug interface is included in production builds
CVE-2022-25779	4.3 MEDIUM	Insufficient scope checks allows adding unrelated audit log entries
CVE-2022-25780	4.3 MEDIUM	Information leak via device availability query function
CVE-2022-25783	4.3 MEDIUM	Hacking attempts from logged-in users are not properly logged by GM
CVE-2022-25778	4.2 MEDIUM	Unload handlers may unintentionally defeat CSRF guards
CVE-2022-25781	4.2 MEDIUM	Reflected XSS issues in GateManager

IV. Related Vulnerabilities

Same product: SiteManager

Same vendor: Secomea

Same weakness: CWE-326

V. Comments for CVE-2021-32010

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-32010— Clients may connect to a GateManager with TLS 1.0

I. Basic Information for CVE-2021-32010

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-32010

III. Intelligence Information for CVE-2021-32010

Same Patch Batch · Secomea · 2022-05-04 · 11 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-32010

Leave a comment