CVE-2022-29833

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...

CVE-2022-29833

CVE-2022-29833 affects Mitsubishi Electric GX Works3, versions 1.015R and later. The issue is labeled Insufficiently Protected Credentials, enabling a remote unauthenticated attacker to disclose sensitive information, potentially allowing access to MELSEC safety CPU modules. Connected advisories ...

CVE-2022-38121 POWERCOM CO., LTD. UPSMON PRO - Insufficiently Protected Credentials

UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file...

Siemens SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

CVE-2022-28291

Insufficiently Protected Credentials: An authenticated user with debug privileges can retrieve stored Nessus policy credentials from the “nessusd” process in cleartext via process dumping. The affected products are all versions of Nessus Essentials and Professional. The vulnerability allows an...

Siemens SIMATIC S7-1200 and S7-1500 CPU Families

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could expose confidential configuration data...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2454)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : curl (EulerOS-SA-2022-2454)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-2377)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2022-2377)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2022-2341)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated...

CVE-2022-39816

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials cleartext administrator password occur in the edit configuration page. Exploitation requires an authenticated attacker...

Default credentials

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials cleartext administrator password occur in the edit configuration page. Exploitation requires an authenticated attacker...

CVE-2022-39816

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials cleartext administrator password occur in the edit configuration page. Exploitation requires an authenticated attacker...

CVE-2022-39816

NOKIA 1350 OMS R14.2 is affected by CVE-2022-39816: the edit configuration page exposes cleartext administrator credentials, exploitable by an authenticated attacker. The vulnerable component is the edit configuration flow, with the specific endpoint implicated as /cgi-bin/R14.2/cgi-bin/R14.2/hos...

CVE-2021-36783

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

CVE-2021-36783

CVE-2021-36783 (Rancher info-disclosure) affects SUSE Rancher where credentials, passwords and API tokens stored in cleartext are exposed via API endpoints to authenticated users (Cluster Owners/Members, Project Owners/Members). Affected: Rancher versions before 2.6.4 (and 2.5.x before 2.5.13). R...

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-055)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-055 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...

Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-065)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-065 advisory. A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials s...