148 matches found
CVE-2022-24318
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...
CVE-2022-24318
CVE-2022-24318 affects ClearSCADA (All Versions) and EcoStruxure Geo SCADA Expert 2019/2020. The root cause is CWE-326: Inadequate Encryption Strength, causing non‑encrypted communication with the server when using outdated ViewX clients. The CVSS metrics updated show an attacker‑friendly network...
CVE-2022-24318
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Inadequate Encryption Strength (CVE-2018-4839)
A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...
VulnCheck KEV: CVE-2018-15811
DotNetNuke DNN contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters...
CVE-2021-31796
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys for a credential file is only one, and the number is usually not higher than 2^3...
MDT AutoSave
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MDT Software Equipment: MDT AutoSave Vulnerabilities: Inadequate Encryption Strength, SQL Injection, Relative Path Traversal, Command Injection, Uncontrolled Search Path Element, Generation of Error...
CVE-2021-32496
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects...
Inadequate SSH configuration in SICK Visionary-S CX
SICK received a report that informed SICK about an Inadequate Encryption Strength vulnerability in the SICK product “SICK Visionary-S CX” concerning the internal SSH interface solely used by SICK for recovering returned devices. Currently SICK is not aware of any public exploits specifically...
CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
Schneider Electric Modicon M221 Programmable Logic Controller
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...
CVE-2020-7565
CVE-2020-7565 affects Schneider Electric Modicon M221 PLCs (all versions) and is about Inadequate Encryption Strength (CWE-326). The root cause is weakness in cryptographic protection that could allow an attacker to break the encryption key when intercepting traffic between EcoStruxure Machine - ...
CVE-2020-7565
A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...
CVE-2020-8761
CVE-2020-8761 : Multiple sources confirm an issue in Intel CSME where inadequate encryption strength in CSME versions before 13.0.40 and 13.30.10 can lead to information disclosure if an attacker has physical access. The vulnerability is described in Intel’s INTEL-SA-00391 advisory and related Re...
PT-2020-6348
Name of the Vulnerable Software and Affected Versions Modicon M221 all versions Modicon M100 affected versions not specified Modicon M200 affected versions not specified Description A CWE-326: Inadequate Encryption Strength issue exists that could allow an attacker to break the encryption key whe...
Emerson OpenEnterprise
1. EXECUTIVE SUMMARY CVSS v3 3,8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to credentials held by...
CVE-2020-13785
CVE-2020-13785 affects D-Link DIR-865L Ax with firmware 1.20B01 Beta. The vulnerability is described as Inadequate Encryption Strength in the device’s SharePort/Web access context, impacting confidentiality. Affected version is explicitly 1.20B01 Beta; CVSS v3.1 base score is 7.5 (HIGH). Connecte...
CVE-2020-13785
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength...
VISAM Automation Base (VBASE) (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...
Rockwellautomation 1763-l16awa Inadequate Encryption Strength
A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version...