791 matches found
The vulnerability of the reset function in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 allows an intruder to gain increased privileges.
The vulnerability of the reset function in industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the absence of a new cryptographic key generation upon resetting settings. Exploiting this vulnerability can allow an attacker operating remotely to enhance their privilege...
Helpcom Trust Management Issues Vulnerabilities
Helpcom is an application from the Korean company Helpcom. It provides remote control services. A security vulnerability exists in versions prior to Helpcom v10.0 that stems from storing hard-coded encryption keys. No detailed vulnerability details are provided at this time...
Helpcom Trust Management Issue Vulnerability
Helpcom is an application from the Korean company Helpcom. It provides remote control services. A security vulnerability exists in versions prior to Helpcom v10.0 that stems from storing hard-coded encryption keys. No detailed vulnerability details are provided at this time...
IBM Security Verify Information Queue Security Vulnerability
IBM Security Verify Information Queue is a cross-product integrator that leverages Kafka technology and a publish/subscribe model to integrate data between IBM security products. An information disclosure vulnerability exists in IBM Security Verify Information Queue. The vulnerability stems from...
Reverse Engineering Keys from Firmware. A how-to
TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always look for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...
The vulnerability in Oracle iPlanet’s web server, related to the read-only access to encryption keys without authentication, allows attackers to disclose protected information.
The vulnerability of Oracle iPlanet web server relates to the read-only access to encryption keys without authentication. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...
CVE-2020-27270
SOOIL Developments Co., Ltd. DiabecareRS, AnyDana-i, AnyDana-A, communication protocol of the insulin pump & AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...
Code injection
SOOIL Developments Co., Ltd. DiabecareRS, AnyDana-i, AnyDana-A, communication protocol of the insulin pump & AnyDana-i, AnyDana-A mobile apps doesn't use adequate measures to protect encryption keys in transit, which allows an unauthenticated, physically proximate attacker to sniff keys via BLE...
CVE-2020-27270
CVE-2020-27270 affects Dana Diabecare insulin pumps and the AnyDana-i/AnyDana-A mobile apps. The vulnerability arises from unprotected encryption keys in transit over Bluetooth Low Energy, enabling unauthenticated, physically proximate attackers to sniff keys. Affected products include Dana Diabe...
IBM Spectrum Protect Plus Hardcoded Credentials Vulnerability
IBM Spectrum Protect Plus is a data protection and availability solution for virtualized environments that can be deployed in minutes and protect your environment in less than an hour. A hard-coded credentials vulnerability exists in IBM Spectrum Protect Plus 10.1.0 - 10.1.6. An attacker can...
CVE-2020-7566
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7567
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
Design/Logic Flaw
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-7566
CVE-2020-7566 (Modicon M221) is a reported issue: a CWE-334 Small Space of Random Values vulnerability that could allow an attacker who captures traffic between EcoStruxure Machine - Basic software and the Modicon M221 controller to break encryption keys. Affected product: Schneider Electric Modi...
Aviatrix Systems Controller Security Vulnerability
Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An encryption key plaintext storage vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. An attacker can exploit this vulnerability to obtain plaintext...