
1429 matches found

OSV
added 2020/12/14 9:15 p.m., 3 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS: 7.5, AI score: 7, EPSS: 0.001
Exploits: 0, References: 1

OSV
added 2020/12/14 9:15 p.m., 1 view

CVE-2020-25231

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program fil...

CVSS: 5.5, AI score: 6.6
Exploits: 0, References: 1

Prion
added 2020/12/14 9:15 p.m., 12 views

Design/Logic Flaw

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS: 5, AI score: 7.7, EPSS: 0.001
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2020/12/14 9:5 p.m., 13 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

AI score: 7.3, EPSS: 0.001
Exploits: 0, References: 1

The Hacker News
added 2020/12/11 5:25 p.m., 24 views

Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software, as well as the ability for its affiliates to launch double extortion attacks. The MountLocker...

AI score: 6.9
Exploits: 0

CNNVD
added 2020/12/08 12:0 a.m., 3 views

Siemens LOGO! 8 BM Security Vulnerability

Siemens LOGO! 8 BM is a programming software for industrial environments for the Windows platform from Siemens Germany. A security vulnerability exists in Siemens LOGO! 8 BM, which can be exploited by an attacker to obtain a private RSA key used to encrypt communications with a device, resulting ...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00063
Exploits: 0, References: 3

NVD
added 2020/11/19 10:15 p.m., 9 views

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

CVSS: 7.3, AI score: 7, EPSS: 0.00022
Exploits: 0, References: 2

Prion
added 2020/11/19 10:15 p.m., 10 views

Code injection

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

CVSS: 4.3, AI score: 7, EPSS: 0.00022
Exploits: 0, References: 2

CNVD
added 2020/11/18 12:0 a.m., 5 views

Aviatrix Controller Encryption Key Plaintext Storage Vulnerability

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An encryption key plaintext storage vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. An attacker can exploit this vulnerability to obtain plaintext...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00156
Exploits: 1, References: 1

CNVD
added 2020/11/16 12:0 a.m., 1 view

Nextcloud Server server-side encryption key underprotection vulnerability (CNVD-2020-66860)

Nextcloud is a set of client-server software for creating file hosting services and using them. A server-side insufficient encryption key protection vulnerability exists in Nextcloud Server 19.0.1. An attacker can exploit the vulnerability to replace the public key and decrypt the encryption key...

CVSS: 4.4, AI score: 6.8, EPSS: 0.00038
Exploits: 2, References: 1

OSV
added 2020/11/13 9:15 p.m., 1 view

DEBIAN-CVE-2020-28638

askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00197
Exploits: 1, References: 1

Prion
added 2020/11/13 9:15 p.m., 13 views

Code injection

askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...

CVSS: 7.5, AI score: 9.3, EPSS: 0.00197
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2020/11/13 9:15 p.m., 0 views

UBUNTU-CVE-2020-28638

askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00197
Exploits: 1, References: 4

Cvelist
added 2020/11/13 8:25 p.m., 10 views

CVE-2020-28638

askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...

AI score: 9.4, EPSS: 0.00197
Exploits: 1, References: 1

ThreatPost
added 2020/11/12 4:52 p.m., 19 views

Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks

Two security vulnerabilities in Schneider Electric’s programmable logic controllers (PLCs) could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment in environments such as electric utilities and factories. They...

AI score: 0.4
Exploits: 0, References: 11

OSV
added 2020/11/09 11:15 p.m., 1 view

CVE-2020-27019

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00137
Exploits: 2, References: 2

BDU FSTEC
added 2020/08/12 12:0 a.m., 1 view

The vulnerability in the web interface of the Cisco Data Center Network Manager system allows a hacker to escalate their privileges.

The vulnerability of the Web interface of the Cisco Data Center Network Manager (DCNM) system is related to the use of pre-installed credentials. Exploiting this vulnerability could allow a malicious actor to increase their privileges by using a static encryption key...

CVSS: 10, EPSS: 0.10052
Exploits: 0, References: 2

Prion
added 2020/08/06 7:15 p.m., 17 views

Hardcoded credentials

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key...

CVSS: 7.5, AI score: 9.3, EPSS: 0.01041
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2020/08/06 6:56 p.m., 14 views

CVE-2020-13793

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key...

AI score: 9.4, EPSS: 0.01041
Exploits: 0, References: 2

CVE
added 2020/08/06 6:56 p.m., 40 views

CVE-2020-13793

CVE-2020-13793 affects Ivanti DSM netinst 5.1, where AD credentials are stored insecurely due to a static, hard-coded encryption key. According to the connected records, the CVSS-3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, and high impact on confidentialit...

CVSS: 9.8, AI score: 9.2, EPSS: 0.01041
Exploits: 0, References: 2, Affected Software: 1