These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A missing authorization check in Krontech Single Connect's sc-assigned-credential-ui module allows unauthenticated remote attackers to modify user permissions, including deletion of permissions belonging to other users. The vulnerability affects versions prior to 2.16 and was assigned a CVSS 3.1 score of 5.3 (Medium severity). The issue was publicly disclosed on January 27, 2022, with the NVD record last [truncated]
A missing authorization check in Krontech Single Connect's sc-diagnostic-ui module allows unauthenticated remote attackers to access a device information page and obtain sensitive information. The vulnerability was disclosed in January 2022 and affects versions prior to 2.16.
A missing authorization check in Krontech Single Connect's sc-reports-ui module allows unauthenticated remote attackers to access device configuration pages and export sensitive data, including database credentials. The vulnerability was disclosed in January 2022 and affects versions prior to 2.16.
A missing authorization check in Krontech Single Connect's log-monitor module allows unauthenticated remote attackers to access the logging interface and potentially obtain sensitive information. The vulnerability affects versions prior to 2.16. The issue was disclosed in January 2022 and remains relevant for unpatched deployments.