1110 matches found
CVE-2025-6074
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data...
CVE-2025-6071
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016...
CVE-2025-6071 Hard Coded Key used for AES encryption
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. An attacker can gain access to salted information to decrypt MQTT information. This issue affects RMC-100: from 2105457-043 through 2105457-045; RMC-100 LITE: from 2106229-015 through 2106229-016...
CVE-2025-6071
CVE-2025-6071 affects ABB RMC-100 (2105457-043..045) and RMC-100 LITE (2106229-015..016). Root cause: use of a hard-coded cryptographic key, enabling an attacker with access to salted data to decrypt MQTT information. Impact per sources: unauthorized access to MQTT configuration data and potentia...
CVE-2025-6074 Authentication Bypass to the MQTT configuration Web Interface
Use of Hard-coded Cryptographic Key vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to source code and control network, the attacker can bypass the REST interface authentication and gain access to MQTT configuration data...
CVE-2025-6074
CVE-2025-6074 concerns ABB RMC-100 and ABB RMC-100 LITE. The issue is a use of a hard-coded cryptographic key that enables bypassing REST interface authentication, allowing an attacker who has access to the source code and control network to gain access to MQTT configuration data when the REST in...
PT-2025-27818 · Abb · Abb Rmc-100 +1
Name of the Vulnerable Software and Affected Versions: ABB RMC-100 versions 2105457-043 through 2105457-045 ABB RMC-100 LITE versions 2106229-015 through 2106229-016 Description: The issue is related to the use of a hard-coded cryptographic key. When the REST interface is enabled and an attacker...
CVE-2025-6669
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key. The attack can be initiated remotely. Th...
CVE-2025-6669 gooaclok819 sublinkX jwt.go hard-coded key
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key. The attack can be initiated remotely. Th...
CVE-2025-6669
The CVE-2025-6669 entry concerns gooaclok819 sublinkX (versions up to 1.8). The root cause is in the code path middlewares/jwt.go where the input (sublink) manipulation leads to using a hard-coded cryptographic key, enabling remote exploitation. Public-admitted exploit maturity is noted (PoC). Re...
PT-2025-26909 · Sublinkx · Sublinkx
Name of the Vulnerable Software and Affected Versions: gooaclok819 sublinkX versions up to 1.8 Description: A vulnerability was found in the unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to the use of a hard-coded cryptographic key. The attack can be...
VulnCheck KEV: CVE-2023-22463
KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...
Unspecified Vulnerability in Ivanti Workspace Control
Ivanti Workspace Control is a desktop management solution from Ivanti. A security vulnerability exists in Ivanti Workspace Control, which is rooted in a hard-coded key that can be exploited by an attacker to decrypt stored environment variable credentials and obtain sensitive information...
CVE-2025-35940 Hard-coded ArchiverSpaApi JWT Signing Key
The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints...
Ivanti Workspace Control Security Vulnerability
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control prior to version 10.19.0.0, which stems from a...
Ivanti Workspace Control Security Vulnerability
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...
Unicom Focal Point Security Vulnerability
Unicom Focal Point is a portfolio management and decision analysis tool from Unicom, Inc. for use by corporate and government agency product organizations. A security vulnerability exists in Unicom Focal Point version 7.6.1, which stems from the database being encrypted using a hard-coded key,...