CVE-2021-32010

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7.

Published: May 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-32010
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
secomea / sitemanager_1129_firmware	-	9.7.622134021
secomea / sitemanager_1139_firmware	-	9.7.622134021
secomea / sitemanager_1149_firmware	-	9.7.622134021
secomea / sitemanager_3329_firmware	-	9.7.622134021
secomea / sitemanager_3339_firmware	-	9.7.622134021
secomea / sitemanager_3349_firmware	-	9.7.622134021
secomea / sitemanager_3529_firmware	-	9.7.622134021
secomea / sitemanager_3539_firmware	-	9.7.622134021
secomea / sitemanager_3549_firmware	-	9.7.622134021
secomea / linkmanager	-	9.7.622134021
secomea / gatemanager_4250_firmware	-	9.7.622134021
secomea / gatemanager_4260_firmware	-	9.7.622134021
secomea / gatemanager_8250_firmware	-	9.7.622134021
secomea / gatemanager_9250_firmware	-	9.7.622134021

https://www.secomea.com/support/cybersecurity-advisory/

Vulnerability Database

290,020

CVE-2021-32010