358 matches found
AVEVA Wonderware System Platform
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User...
Circontrol CirCarLife
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Circontrol Equipment: CirCarLife Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...
Crestron TSW-X60 and MC3
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Crestron Equipment: TSW-X60 and MC3 Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...
Low severity vulnerability that affects sensu
The sensu rubygem prior to version 1.2.0 contains a CWE-522 Insufficiently Protected Credentials flaw that can result in sensitive configuration data (e.g. passwords) being logged in clear text. Users are advised to upgrade to rubygem version 1.2.1 or later...
Design/Logic Flaw
Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodePipelineSCM.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to ha...
CVE-2018-1000403
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to...
Design/Logic Flaw
Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSCodeDeployPublisher.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability appears to...
CVE-2018-1000404
Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier contains an Insufficiently Protected Credentials vulnerability in AWSClientFactory.java, CodeBuilder.java that can result in Credentials Disclosure. This attack appears to be exploitable via local file access. This vulnerability...
Yokogawa STARDOM Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...
BeaconMedaes TotalAlert Scroll Medical Air Systems
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: BeaconMedaes Equipment: TotalAlert Scroll Medical Air Systems web application Vulnerabilities: Improper Access Control, Insufficiently Protected Credentials, Unprotected Storage of Credentials 2...
Vecna VGo Robot (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 --------- Begin Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low skill level to exploit --------- End Update A Part 1 of 6 --------- Vendor: Vecna Technologies, Inc. Vecna Equipment: VGo Robot --------- Begin Update A Part 2 of 6 ---------...
CVE-2017-13998
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access...
Siemens LOGO! (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
CVE-2017-6046
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to...
Information disclosure
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to...
CVE-2017-6046
CVE-2017-6046 affects Sierra Wireless AirLink Raven XE (all versions before 4.0.14) and Raven XT (all versions before 4.0.11). Root cause: Insufficiently protected credentials during transmission, leading to potential information disclosure via sniffing. Impact per sources: confidentiality loss (...
CVE-2017-6028
Schneider Electric Modicon PLCs Modicon M241 (all firmware) and M251 (all firmware) are affected by CVE-2017-6028, where login credentials are transmitted over the network using Base64, enabling sniffing and potential unauthorized web access. No exploits are publicly known in the provided docs. R...
HP SiteScope Multiple Vulnerabilities
HP SiteScope is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hp:sitescope"; ifdescription...
HPE SiteScope contains multiple vulnerabilities
Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...
Schneider Electric Modicon PLCs
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon PLCs Vulnerability: Predictable Value Range from Previous Values, Use of Insufficiently Random Values, Insufficiently Protected Credentials AFFECTED PRODUCTS The following version...