36 matches found

Positive Technologies
added 2023/06/01 12:0 a.m. · 4 views

PT-2023-22621 · Hopechart · Hopechart Hqt-401 Telematics Unit

Name of the Vulnerable Software and Affected Versions: HopeChart HQT-401 telematics unit version 201808021036; HopeChart HQT-401 telematics unit versions prior to the fixed version (fixed version not specified). Description: Insufficient authentication in the MQTT backend allows an attacker to access...

9.8 CVSS · 9.3 AI score · 0.00191 EPSS
Exploits 0 · References 5
CNNVD
added 2023/06/01 12:0 a.m. · 1 views

MQTT Authorization Issue Vulnerability

MQTT (Message Queuing Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) based on the Publish/Subscribe paradigm of messaging protocols, which works on the TCP/IP family of protocols, and is designed for remote devices with low hardware performance and poor network conditions. It works on th...

9.8 CVSS · 8.4 AI score · 0.00191 EPSS
Exploits 0 · References 3
CNVD
added 2022/01/14 12:0 a.m. · 12 views

Fortinet FortiClient Trust Management Issue Vulnerability (CNVD-2022-03936)

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, a US-based company. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient has a security...

8.2 CVSS · 2.6 AI score · 0.00213 EPSS
Exploits 0 · References 1
OSV
added 2021/12/16 7:15 p.m. · 4 views

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability (CWE-321) in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability (CWE-297) in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

7.5 CVSS · 5.8 AI score · 0.00213 EPSS
Exploits 0 · References 1
NVD
added 2021/12/16 7:15 p.m. · 12 views

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability (CWE-321) in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability (CWE-297) in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

8.2 CVSS · 0.00213 EPSS
Exploits 0 · References 1
CVE
added 2021/12/16 6:13 p.m. · 68 views

CVE-2021-41028

CVE-2021-41028 affects Fortinet FortiClient EMS up to 7.0.1 (and 6.4.6 and below) and FortiClient components for Windows, Linux, and macOS up to 7.0.1 and 6.4.6 and below. The root causes are a hard-coded cryptographic key in FortiClientEMS and improper certificate validation in FortiClient clien...

8.2 CVSS · 7.4 AI score · 0.00213 EPSS
Exploits 0 · References 1 · Affected Software 2
Vulnrichment
added 2021/12/16 6:13 p.m. · 11 views

CVE-2021-41028

A combination of a use of hard-coded cryptographic key vulnerability (CWE-321) in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability (CWE-297) in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an...

8.2 CVSS · 6.8 AI score · 0.00213 EPSS
Exploits 0 · References 1
CNNVD
added 2021/12/07 12:0 a.m. · 3 views

Fortinet FortiClient Trust Management Issue Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet, a US-based company. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClient has a security...

8.2 CVSS · 5.7 AI score · 0.00213 EPSS
Exploits 0 · References 2
Fortinet
added 2021/12/07 12:0 a.m. · 45 views

FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability

A combination of a use of hard-coded cryptographic key vulnerability (CWE-321) in FortiClientEMS and an improper certificate validation vulnerability (CWE-297) in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network adjacent attacker to perform a...

5.4 CVSS · 4.2 AI score · 0.00213 EPSS
Exploits 0 · Affected Software 4
CVE
added 2019/03/26 5:47 p.m. · 68 views

CVE-2019-6540

The CVE-2019-6540 issue is concrete: the Conexus telemetry protocol used by Medtronic MyCareLink/CareLink devices and related CRT-D/ICD hardware does not encrypt communications (Cleartext Transmission of Sensitive Information) and, per ICS-CERT, can be exploited by an attacker with adjacent, shor...

6.5 CVSS · 6.3 AI score · 0.00195 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2019/03/25 10:29 p.m. · 1 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

6.5 CVSS · 6.9 AI score · 0.00844 EPSS
Exploits 0 · References 2
NVD
added 2019/03/25 10:29 p.m. · 22 views

CVE-2019-6538

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

9.3 CVSS · 6.4 AI score · 0.00844 EPSS
Exploits 0 · References 2
CVE
added 2019/03/25 9:26 p.m. · 69 views

CVE-2019-6538

CVE-2019-6538 concerns Medtronic Conexus radio telemetry protocol lacking authentication/authorization. Connected sources (ICS advisory and coverage) specify the affected devices include MyCareLink Monitor (versions 24950/24952), CareLink Monitor (2490C), CareLink 2090 Programmer, and multiple Me...

9.3 CVSS · 6.4 AI score · 0.00844 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2019/03/25 9:26 p.m. · 27 views

CVE-2019-6538 Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro IC...

9.3 CVSS · 6.5 AI score · 0.00844 EPSS
Exploits 0 · References 2
ThreatPost
added 2019/03/22 4:7 p.m. · 385 views

Medtronic Defibrillators Have Critical Flaws, Warns DHS

The Department of Homeland Security has issued an emergency alert warning of critical flaws allowing attackers to tamper with several Medtronic medical devices, including defibrillators. The two vulnerabilities – comprised of a medium and critical-severity flaw – exist in 20 products made by the...

7.5 CVSS · 2.5 AI score · 0.99999 EPSS
Exploits 48 · References 8
OSV
added 2017/07/31 5:1 p.m. · 1 views

USN-3374-1 rabbitmq-server vulnerability

It was discovered that RabbitMQ incorrectly handled MQTT (MQ Telemetry Transport) authentication. A remote attacker could use this issue to authenticate successfully with an existing username by omitting the password...

9.8 CVSS · 7.3 AI score · 0.01378 EPSS
Exploits 0 · References 2