Hitachi ABB Power Grids Retail Operations and CSB Products

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Hitachi ABB Power Grids Equipment: Retail Operations and Counterparty Settlement Billing CSB Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

CVE-2021-35529

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing CSB allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects:...

CVE-2021-35529 Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)

Insufficiently Protected Credentials vulnerability in client environment of Hitachi ABB Power Grids Retail Operations and Counterparty Settlement Billing CSB allows an attacker or unauthorized user to access database credentials, shut down the product and access or alter. This issue affects:...

CVE-2021-35529

CVE-2021-35529 concerns an insufficiently protected credentials flaw in Hitachi ABB Power Grids Retail Operations (versions up to 5.7.2) and Counterparty Settlement Billing (CSB) (versions up to 5.7.2). The root cause is inadequate protection of credentials in the client environment, which could ...

CVE-2021-20597

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a...

OPENSUSE-SU-2021:1088-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

SUSE-SU-2021:2462-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

SUSE: Security Advisory (SUSE-SU-2021:2439-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:2440-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2440-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. bsc1188220 - CVE-2021-22924: Bad connection reuse due to flawed path name checks. bsc1188219 - CVE-2021-22923: Insufficiently Protected Credentials. bsc1188218 - CVE-2021-22922: Wrong conten...

CVE-2021-22778

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22781

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22778

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, and SCADAPack RemoteConnect for x70, all version...

CVE-2021-22781

CVE-2021-22781 affects Schneider Electric EcoStruxure Control Expert (and Unity Pro), EcoStruxure Process Expert, and SCADAPack RemoteConnect for x70. Description: an Insufficiently Protected Credentials vulnerability could allow a leak of SMTP credentials used for mailbox authentication when an ...

CVE-2021-22780

CVE-2021-22780 describes an Insufficiently Protected Credentials issue across Schneider Electric EcoStruxure product lines (EcoStruxure Control Expert/Unity Pro, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70). The vulnerability allows unauthorized access to a password-protected proj...

CVE-2021-22778

The CVE-2021-22778 issue is an Insufficiently Protected Credentials vulnerability affecting Schneider Electric EcoStruxure Control Expert (all versions before v15.0 SP1, including Unity Pro), EcoStruxure Process Expert (all versions, including EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect ...

Schneider Electric Modicon Controllers and Software (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect x70, SCADAPack x70 RTUs, and Modicon M580 and M340 control products Vulnerabilities :...

Design/Logic Flaw

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600DIR-2640 stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users...

CVE-2021-34204

CVE-2021-34204 affects the D-Link DIR-2640-US (1.01B04). The root cause is Insufficiently Protected Credentials: the device stores the system account password in plain text and does not use standard Linux user management, with identical passwords across devices and non-modifiability by normal use...