Lucene search
+L

148 matches found

ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.6 views

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

7.5CVSS7.1AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2022/02/09 10:5 p.m.93 views

CVE-2022-24318

CVE-2022-24318 affects ClearSCADA (All Versions) and EcoStruxure Geo SCADA Expert 2019/2020. The root cause is CWE-326: Inadequate Encryption Strength, causing non‑encrypted communication with the server when using outdated ViewX clients. The CVSS metrics updated show an attacker‑friendly network...

7.5CVSS7.5AI score0.00391EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2022/02/09 10:5 p.m.41 views

CVE-2022-24318

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

7.7AI score0.00391EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.23 views

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Inadequate Encryption Strength (CVE-2018-4839)

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

5.3CVSS6.3AI score0.00587EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.5 views

VulnCheck KEV: CVE-2018-15811

DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...

7.5CVSS7.1AI score0.74048EPSS
Exploits4References1
OSV
OSV
added 2021/09/02 1:15 a.m.2 views

CVE-2021-31796

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys for a credential file is only one, and the number is usually not higher than 2^3...

7.5CVSS7.1AI score
Exploits0References4
ICS
ICS
added 2021/07/08 12:0 a.m.288 views

MDT AutoSave

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MDT Software Equipment: MDT AutoSave Vulnerabilities: Inadequate Encryption Strength, SQL Injection, Relative Path Traversal, Command Injection, Uncontrolled Search Path Element, Generation of Error...

10CVSS9.1AI score0.01183EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/06/28 11:2 a.m.23 views

CVE-2021-32496

SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects...

5.4AI score0.00264EPSS
Exploits0References1
Sick AG
Sick AG
added 2021/06/25 10:0 a.m.11 views

Inadequate SSH configuration in SICK Visionary-S CX

SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...

3.7CVSS7AI score0.00264EPSS
Exploits0
Cvelist
Cvelist
added 2021/03/19 3:25 p.m.26 views

CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...

8.1CVSS8.5AI score0.00396EPSS
Exploits0References1
ICS
ICS
added 2020/12/08 12:0 a.m.85 views

Schneider Electric Modicon M221 Programmable Logic Controller

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...

9.8CVSS6.5AI score0.00719EPSS
Exploits0References5
CVE
CVE
added 2020/11/19 9:10 p.m.76 views

CVE-2020-7565

CVE-2020-7565 affects Schneider Electric Modicon M221 PLCs (all versions) and is about Inadequate Encryption Strength (CWE-326). The root cause is weakness in cryptographic protection that could allow an attacker to break the encryption key when intercepting traffic between EcoStruxure Machine - ...

7.3CVSS7AI score0.0029EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2020/11/19 9:10 p.m.7 views

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

7.1AI score0.0029EPSS
Exploits0References2
CVE
CVE
added 2020/11/12 6:8 p.m.87 views

CVE-2020-8761

CVE-2020-8761 : Multiple sources confirm an issue in Intel CSME where inadequate encryption strength in CSME versions before 13.0.40 and 13.30.10 can lead to information disclosure if an attacker has physical access. The vulnerability is described in Intel’s INTEL-SA-00391 advisory and related Re...

4.6CVSS5AI score0.00153EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/11/10 12:0 a.m.18 views

PT-2020-6348

Name of the Vulnerable Software and Affected Versions Modicon M221 all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key whe...

7.8CVSS7.1AI score0.0029EPSS
Exploits0References11
ICS
ICS
added 2020/08/25 12:0 a.m.76 views

Emerson OpenEnterprise

1. EXECUTIVE SUMMARY CVSS v3 3,8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to credentials held by...

6.5CVSS5.5AI score0.00097EPSS
Exploits0References5
CVE
CVE
added 2020/06/03 4:22 p.m.59 views

CVE-2020-13785

CVE-2020-13785 affects D-Link DIR-865L Ax with firmware 1.20B01 Beta. The vulnerability is described as Inadequate Encryption Strength in the device’s SharePort/Web access context, impacting confidentiality. Affected version is explicitly 1.20B01 Beta; CVSS v3.1 base score is 7.5 (HIGH). Connecte...

7.5CVSS7.6AI score0.00587EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 4:22 p.m.45 views

CVE-2020-13785

D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength...

7.7AI score0.00587EPSS
Exploits1References2
ICS
ICS
added 2020/03/24 12:0 a.m.118 views

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...

9.8CVSS9.4AI score0.02515EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.20 views

Rockwellautomation 1763-l16awa Inadequate Encryption Strength

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version...

5CVSS3.1AI score0.02736EPSS
Exploits0References3
Rows per page
Query Builder