4200 matches found
CVE-2020-7566
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7567
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
CVE-2020-7565
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
Design/Logic Flaw
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7568
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 all references, all versions that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221...
CVE-2020-7567
CVE-2020-7567 targets Schneider Electric Modicon M221 PLCs. A missing encryption of sensitive data vulnerability could allow an attacker who captures traffic between EcoStruxure Machine-Basic software and the M221 controller to break encryption keys and obtain password hashes. Affected: Modicon M...
CVE-2020-7566
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7565
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7565
CVE-2020-7565 affects Schneider Electric Modicon M221 PLCs (all versions) and is about Inadequate Encryption Strength (CWE-326). The root cause is weakness in cryptographic protection that could allow an attacker to break the encryption key when intercepting traffic between EcoStruxure Machine - ...
CVE-2020-7565
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
Schneider Electric Modicon M221 Security Breach
The Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. The Modicon M221 suffers from a security vulnerability that stems from a sensitive data vulnerability encryption gap that can be exploited by an attacker to find a password hash after capturing...
Schneider Electric Modicon M221 Information Disclosure Vulnerability
The Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. The Modicon M221 suffers from an information disclosure vulnerability that originates from the presence of a sensitive information exposure to an unauthorized Actor vulnerability that can be...
Intel(R) Processors Elevation of Privilege Vulnerability
Intel Microprocessors are microprocessor CPU products from the American company Intel. Intel Processors suffers from an elevation of privilege vulnerability that stems from the fact that the use of potentially dangerous functionality in the Intel BIOS platform sample code could allow an...
Zunyi Xintengda Information Technology Co., Ltd. Bole Card Issuing System Basic Edition Arbitrary File Upload Vulnerability
Zunyi Xintengda Information Technology Co., Ltd. is a professional e-commerce operation and network marketing services company. Zunyi Xintengda Information Technology Co., Ltd. Bole hair card system basic version of arbitrary file upload vulnerability, an attacker can use the vulnerability on the...
PT-2020-6348
Name of the Vulnerable Software and Affected Versions Modicon M221 all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key whe...
gnome-software and fwupd security, bug fix, and enhancement update
appstream-data 8-20200724 - Regenerate the RHEL metadata to include the EPEL apps too - Resolves: 1844488 8-20200630 - Regenerate the RHEL metadata - Resolves: 1844488 fwupd 1.4.2-4.0.1 - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir Orabug: 29881368 - Use new...
CVE-2020-28196
MIT Kerberos 5 aka krb5 before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1encode.c support for BER indefinite lengths lacks a recursion limit...
squid: Out of bounds read in Proxy-Authorization header causes DoS
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checki...
CVE-2020-19672
Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell...
CVE-2020-19670
Technical details are not publicly available in the provided connected documents for CVE-2020-19670 (Niushop 1.11 authentication bypass). Monitor for updates; no concrete root-cause, affected components, or remediation details are present in the supplied sources.