202 matches found
CVE-2020-28216
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
Schneider Electric Easergy T300
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability : Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...
CVE-2020-7567
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
Default credentials
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
ABUS Secvest Wireless Control Device Missing Encryption Vulnerability
The wireless communication of the ABUS Secvest Wireless Control Device FUBE50001 for transmitting sensitive data like PIN codes or IDs of used proximity chip keys RFID tokens is not encrypted. Product: ABUS Secvest Wireless Control Device FUBE50001 Manufacturer: ABUS Affected Versions: N/A Tested...
Baxter ExactaMix (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...
DEBIAN-CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...
Orpak SiteOmat
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Orpak acquired by Gilbarco Veeder-Root Equipment: SiteOmat Vulnerabilities: Use of Hard-coded Credentials, Cross-site Scripting, SQL Injection, Missing Encryption of...
Missing Sensitive Data Encryption Vulnerability in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015
ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS Germany. A security vulnerability exists in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015, which originates from the program not encrypting sensitive data. An attacker can exploit the vulnerability t...
Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...
Philips Alice 6 Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated...
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information
Summary VideoXpert is a video management solution designed for scalability, fitting the needs surveillance operations of any size. VideoXpert Ultimate can also aggregate other VideoXpert systems, tying multiple video management systems into a single interface. Description The software transmits...
ICSMA-17-292-01_Boston Scientific ZOOM LATITUDE PRM Vulnerabilities
OVERVIEW Researchers Jonathan Butts and Billy Rios of Whitescope have identified two vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor PRM – Model 3120. Boston Scientific has provided compensating controls to reduce the risk of exploitation. AFFECTED PRODUCTS The...
ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ formerly St. Jude Medical pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency RF communications. A third-party security...
Schneider Electric Pelco VideoXpert Missing Encryption
Schneider Electric Pelco VideoXpert Missing Encryption Of Sensitive Information Vendor: Schneider Electric SE Product web page: https://www.pelco.com Affected version: 2.0.41 1.14.7 1.12.105 Summary: VideoXpert is a video management solution designed for scalability, fitting the needs surveillanc...
Lenovo ShareIT Information Disclosure / Hardcoded Password
Advisory Information Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode:...
RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol
Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...
Dedicated Micros DVR products use plaintext protocols and require no password by default
Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...