Secomea — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting Secomea. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Secomea provides remote access and monitoring solutions for industrial automation systems, enabling secure connectivity between IT networks and operational technology environments. The platform’s architecture, which facilitates external management of critical infrastructure, has historically exposed it to significant security risks, resulting in 46 recorded Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and weak authentication mechanisms in legacy versions. Notable incidents include the exploitation of unpatched endpoints that allowed attackers to gain administrative control over connected industrial devices, highlighting the critical importance of timely patch management. While newer iterations have implemented enhanced encryption and multi-factor authentication, the historical prevalence of severe flaws underscores the persistent challenges in securing specialized industrial IoT gateways against sophisticated cyber threats targeting critical infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-14716 | Unauthorized access to information | GateManager | CWE-287 | 6.5 | Medium | 2026-03-19 |
| CVE-2021-32007 | Missing security header: Referrer-Policy URL | GateManager | CWE-200 | 3.5 | Low | 2024-12-13 |
| CVE-2024-1969 | Heap buffer overflow | GateManager | CWE-120 | 8.2 | High | 2024-04-29 |
| CVE-2024-1579 | Insufficient seeding of random number generator | GateManager | CWE-335 | 8.1 | High | 2024-04-29 |
| CVE-2023-3675 | Insufficient input validation when downloading certain file types. | GateManager | CWE-22 | 6.5 | Medium | 2024-04-18 |
| CVE-2023-2912 | SiteManager Embedded service disruption | SiteManager Embedded | CWE-416 | 5.9 | Medium | 2023-07-17 |
| CVE-2022-38125 | FTP Agent forwards traffic on inactive ports to LinkManager | SiteManager | CWE-923 | 2.9 | Low | 2023-04-19 |
| CVE-2023-0317 | GateManager debug interface is included in non-debug builds | GateManager | CWE-420 | 4.9 | Medium | 2023-04-19 |
| CVE-2022-4308 | Clear-text passwords in configuration files | GateManager | CWE-256 | 6.1 | Medium | 2023-04-19 |
| CVE-2022-38124 | Unwanted debug tool | SiteManager | CWE-267 | 5.7 | Medium | 2022-12-13 |
| CVE-2022-2752 | Potential vulnerabilities in GM login process | GateManager | CWE-287 | 5.5 | Medium | 2022-12-09 |
| CVE-2022-38123 | Insufficient validation of plugin files | GateManager | CWE-20 | 8.7 | High | 2022-12-06 |
| CVE-2022-25786 | GateManager debug interface is included in production builds | GateManager | CWE-420 | 4.9 | Medium | 2022-05-04 |
| CVE-2022-25787 | GTA URLs issued by LMM WEB API may leak information | GateManager | CWE-598 | 7.5 | High | 2022-05-04 |
| CVE-2022-25785 | Buffer overrun | SiteManager | CWE-121 | 6.6 | Medium | 2022-05-04 |
| CVE-2022-25784 | User controllable HTML element attribute (potential XSS) | SiteManager | CWE-79 | 9.1 | Critical | 2022-05-04 |
| CVE-2022-25783 | Hacking attempts from logged-in users are not properly logged by GM | GateManager | CWE-778 | 4.3 | Medium | 2022-05-04 |
| CVE-2022-25782 | Insufficient privilege checks on object access and updates. | GateManager | CWE-274 | 5.4 | Medium | 2022-05-04 |
| CVE-2022-25781 | Reflected XSS issues in GateManager | GateManager | CWE-79 | 4.2 | Medium | 2022-05-04 |
| CVE-2022-25780 | Information leak via device availability query function | GateManager | CWE-200 | 4.3 | Medium | 2022-05-04 |
| CVE-2022-25779 | Insufficient scope checks allows adding unrelated audit log entries | GateManager | CWE-779 | 4.3 | Medium | 2022-05-04 |
| CVE-2022-25778 | Unload handlers may unintentionally defeat CSRF guards | GateManager | CWE-352 | 4.2 | Medium | 2022-05-04 |
| CVE-2021-32010 | Clients may connect to a GateManager with TLS 1.0 | SiteManager | CWE-326 | 5.6 | Medium | 2022-05-04 |
| CVE-2021-32009 | Missing XSS guards on firmware page | GateManager | CWE-79 | 5.0 | Medium | 2022-03-11 |
| CVE-2021-32005 | SiteManager Log View XSS Issue | SiteManager | CWE-79 | 6.5 | Medium | 2022-03-07 |
| CVE-2021-32006 | GateManager information leak for LinkManager Users | GateManager | CWE-275 | 5.0 | Medium | 2022-03-07 |
| CVE-2021-32008 | Logged-in Administrator may get unrestricted file system access | GateManager | CWE-552 | 9.9 | Critical | 2022-03-04 |
| CVE-2021-32004 | GateManager does not enforce strict hostname matching for WEB server | GateManager | CWE-923 | 3.7 | Low | 2021-11-22 |
| CVE-2021-32003 | Configuration service port remains open 10 minutes after reboot even when already provisioned | SiteManager | CWE-523 | 8.0 | High | 2021-08-05 |
| CVE-2021-32002 | SiteManager troubleshooter allows access without authentication from local network | SiteManager | CWE-284 | 4.3 | Medium | 2021-08-05 |

This page lists every published CVE security advisory associated with Secomea. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.