CVE-2021-41835

Fresenius Kabi Agilia Link + version 3.0 does not enforce transport layer encryption. Therefore, transmitted data may be sent in cleartext. Transport layer encryption is offered on Port TCP/443, but the affected service does not perform an automated redirect from the unencrypted service on Port...

The vulnerability of the KrServerBDdemoRT.exe software module of the SCADA system “KRUG-2000” arises from the failure to encrypt critical information. This vulnerability allows attackers to intercept technological data.

The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” is related to the lack of measures taken to encrypt critical information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept technological data...

The vulnerability of the microprogramming software of the modular controller for automation of transformer substations from Schneider Electric Easergy T300 RTU lies in the lack of encryption measures for protected data. This allows an intruder to gain unauthorized access to network traffic via the HTTP protocol.

The vulnerability of the microprogrammed control module software for Schneider Electric Easergy T300 RTU-based transformer substations automation systems is related to the lack of measures taken to encrypt protected data. Exploiting this vulnerability may allow an intruder operating remotely to...

The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers Modicon M221, M100, and M200 stems from the lack of encryption measures for protected data. This allows attackers to obtain the encryption key.

The vulnerability of the microprogrammed logic controllers from Schneider Electric, such as Modicon M221, M100, and M200, is related to the lack of encryption measures for protected data. Exploiting this vulnerability can allow a remote attacker to obtain the encryption key...

The vulnerability of the Thunderbird email client, related to the lack of encryption measures for protected data, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Thunderbird email client is related to the lack of encryption measures for protected data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVE-2019-18254

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with...

ALPINE-CVE-2019-16062

NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data...

The vulnerability in the FortiOS operating system’s web interface allows a hacker to bypass the verification of the "APSCOOKIE" cookie parameter.

The vulnerability in the FortiOS operating system’s web interface is related to the absence of the necessary encryption step. Exploiting this vulnerability allows a malicious actor to bypass the verification of the “APSCOOKIE” cookie parameter, which is used to protect information transmitted via...

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...

The vulnerability of the Samba networking communication software lies in the lack of requirements for signing and encrypting SMB traffic when using DFS redirection. This allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Samba networking communication package is related to the lack of requirements for signing and encrypting SMB traffic when using DFS redirection. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack and gain access to read and modi...

PT-2017-19227 · Sma Solar Technology · Sunny Boy Tlst-21 +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30 Description: The SIP implementation in SMA Solar Technology products does not properly use authentication with encryption, making it...