Secomea — Vulnerabilities & Security Advisories 46

Browse all 46 CVE security advisories affecting Secomea. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Secomea provides remote access and monitoring solutions for industrial automation systems, enabling secure connectivity between IT networks and operational technology environments. The platform’s architecture, which facilitates external management of critical infrastructure, has historically exposed it to significant security risks, resulting in 46 recorded Common Vulnerabilities and Exposures (CVEs). These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and weak authentication mechanisms in legacy versions. Notable incidents include the exploitation of unpatched endpoints that allowed attackers to gain administrative control over connected industrial devices, highlighting the critical importance of timely patch management. While newer iterations have implemented enhanced encryption and multi-factor authentication, the historical prevalence of severe flaws underscores the persistent challenges in securing specialized industrial IoT gateways against sophisticated cyber threats targeting critical infrastructure.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-29030 | Insufficient CSRF guards — GateManager | CWE-352 | 8.1 | High | 2021-03-05 |
| CVE-2020-29020 | Reject Remote Management via Cellular UPLINK2 — SiteManager | CWE-284 | 9.1 | Critical | 2021-03-05 |
| CVE-2020-29028 | Reflected XSS issues — GateManager | CWE-79 | 6.3 | Medium | 2021-03-05 |
| CVE-2020-29029 | XSS issue due to insufficient sanitization of input field — GateManager | CWE-20 | 7.3 | High | 2021-03-05 |
| CVE-2020-29032 | Add integrity check of GateManager firmware — GateManager | CWE-494 | 8.4 | High | 2021-03-05 |
| CVE-2020-29027 | Reflected Cross Site Scripting — SiteManager | CWE-79 | 5.4 | Medium | 2021-02-16 |
| CVE-2020-29025 | DOM-based Javascript injection — SiteManager Embedded (SM-E) | CWE-79 | 5.4 | Medium | 2021-02-16 |
| CVE-2020-29023 | CSV Formula Injection possible due to improper fields escaping in GateManager — GateManager | CWE-116 | 3.5 | Low | 2021-02-16 |
| CVE-2020-29022 | Host Header Injection allowing web cache poisoning attacks — GateManager | CWE-159 | 5.3 | Medium | 2021-02-16 |
| CVE-2020-29024 | Missing HttpOnly and Secure flags — GateManager | CWE-614 | 5.3 | Medium | 2021-02-16 |
| CVE-2020-29031 | Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation — GateManager | CWE-280 | 7.1 | High | 2021-02-15 |
| CVE-2020-29026 | Secomea GateManager path traversal vulnerability — GateManager | CWE-22 | 9.0 | Critical | 2021-02-15 |
| CVE-2020-29021 | Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS) — GateManager | CWE-20 | 3.5 | Low | 2021-02-08 |
| CVE-2020-14512 | USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916 — GateManager | CWE-916 | 8.1 | High | 2020-08-25 |
| CVE-2020-14510 | OFF-BY-ONE ERROR CWE-193 — GateManager | CWE-193 | 9.8 | Critical | 2020-08-25 |
| CVE-2020-14508 | OFF-BY-ONE ERROR CWE-193 — GateManager | CWE-193 | 8.1 | High | 2020-08-25 |

This page lists every published CVE security advisory associated with Secomea. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.