CVE-2022-1794 Plaintext Storage of a password in CODESYS V3 OPC DA Server

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

CVE-2022-1794

CVE-2022-1794 affects the CODESYS OPC DA Server prior to v3.5.18.20, where PLC passwords are stored in plaintext in the configuration file and are visible to all authorized Windows users on the system. The vulnerability exposes credentials via local access to the host, as indicated by the CVSS ve...

PT-2022-14118 · 3S Smart Software Solutions · Codesys Opc Da Server

Name of the Vulnerable Software and Affected Versions: CODESYS OPC DA Server versions prior to V3.5.18.20 Description: The issue concerns the storage of PLC passwords in plain text within the configuration file of the CODESYS OPC DA Server, making these passwords visible to all authorized Microso...

3S-Smart Software Solutions CODESYS 安全漏洞

CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS OPC DA Server versions prior to V3.5.18.20, which stems from the PLC storing passwords as plain text in its configuration file, which is...

EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2022-1997)

According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged...

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

FortiNAC - Unprotected MySQL root account

An empty password in configuration file vulnerability CWE-258 in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI...

Jenkins OpsGenie Plugin Information Disclosure Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

Jenkins Skype notifier Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.An information disclosure vulnerability...

Jenkins Deployment Dashboard Plugin信息泄露漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. stored in the global configuration file of the Jenkins controller, and an...

GHSA-WPPP-XQFV-6CM7 Token stored in plain text by Jenkins Cisco Spark Plugin

Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file org.jenkinsci.plugins.spark.SparkNotifier.xml on the Jenkins controller as part of its configuration. These bearer tokens can be viewed by users with access to the Jenkins controller file system...

Token stored in plain text by Jenkins Cisco Spark Plugin

Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file org.jenkinsci.plugins.spark.SparkNotifier.xml on the Jenkins controller as part of its configuration. These bearer tokens can be viewed by users with access to the Jenkins controller file system...

Plaintext Storage of a Password in Jenkins Skype notifier Plugin

Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file hudson.plugins.skype.im.transport.SkypePublisher.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file syste...

GHSA-M59Q-VGQ9-75CR Password stored in plain text by Jenkins RQM Plugin

RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file net.praqma.jenkins.rqm.RqmBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system...

GHSA-36J8-F33J-VJWQ Passwords stored in plain text by Jenkins hpe-network-virtualization plugin

hpe-network-virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file org.jenkinsci.plugins.nvemulation.plugin.NvEmulationBuilder.xml on the Jenkins controller as part of its configuration. These passwords can be viewed by users with access to the Jenkins controller...

Password stored in plain text by Jenkins RQM Plugin

RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file net.praqma.jenkins.rqm.RqmBuilder.xml on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system...

GHSA-PGP9-X83G-V8X8 Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file RocketChatNotifier.xml on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34816

Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34807

Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34805

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...