CVE-2020-7514

Schneider Electric Easergy Builder (versions ≤ 1.4.7.2) contains a CWE-327 vulnerability due to use of a broken or risky cryptographic algorithm. This could allow an attacker to access the device’s authorization credentials and gain full access. The affected component is Easergy Builder; root cau...

Design/Logic Flaw

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to acquire a password by brute force...

Code injection

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2020-0187

CVE-2020-0187 affects Android 10 where in engineSetMode of BaseBlockCipher.java a comparison error could permit information disclosure without extra privileges. Documents confirm the vulnerability type as information disclosure with local access required, and no user interaction. Public reference...

Beckhoff Twincat Use of a Broken or Risky Cryptographic Algorithm

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption...

Rockwellautomation Micrologix Use of a Broken or Risky Cryptographic Algorithm

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable. File data ot500367.nasl...

Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4350 DESCRIPTION: IBM Spectrum Scale uses weaker than expected cryptographic algorithms that could allow an attacker to...

CVE-2020-7001

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

Information disclosure

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

CVE-2020-7001

CVE-2020-7001 affects Moxa EDS-G516E and EDS-510E Ethernet Switches with firmware 5.2 or lower, where the implementation uses a weak cryptographic algorithm that may disclose confidential information. This is confirmed by multiple sources (NVD entry and Red Hat advisory) describing the weakness a...

CVE-2020-6987

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

Information disclosure

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

CVE-2020-6987

CVE-2020-6987 affects Moxa PT-7528 (firmware ≤4.0) and PT-7828 (firmware ≤3.9) Ethernet switches. The vulnerability is a weak cryptographic algorithm that may disclose confidential information. The issue is documented with CVSSv3.1 base score 7.5 (Network attack, no privileges, high confidentiali...

CVE-2020-6987

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed...

Security Bulletin: IBM API Connect is impacted by weak cryptographic algorithms (CVE-2019-4553)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4553 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base score: 5.9 CVSS Temporal...

Moxa PT-7528 and PT-7828 Series Weak Cryptographic Algorithm Vulnerability

Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. A weak cryptographic algorithm vulnerability exists in the Moxa PT-7528 and PT-7828 Series, which can be exploited by attackers to obtain sensitive information...

Moxa MB3xxx Series Protocol Gateways

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: MB3170 series, MB3180 series, MB3270 series, MB3280 series, MB3480 series, and MB3660 series Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow to Buffer Overflow,...

Moxa EDS-G516E and EDS-510E Series Ethernet Switches

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G516E series, and EDS-510E series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

Moxa PT-7528 and PT-7828 Series Ethernet Switches

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: PT-7528 Series and PT-7828 Series Vulnerabilities: Stack-based Buffer Overflow, Use of a Broken or Risky Cryptographic Algorithm, Use of Hard-coded Cryptographic Key, Use of...

Security Bulletin: Weak Cryptographic Algorithm Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1720)

Summary IBM Sterling B2B Integrator Standard Edition has addressed the weak cryptographic algorithm vulnerability. Vulnerability Details CVEID: CVE-2018-1720 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses weaker than expected cryptographic algorithms that could allow an attacker t...