77 matches found
CVE-2024-7755
CVE-2024-7755 affects the HMS EWON FLEXY 202 gateway (Firmware Version 14.2s0). The root cause is transmission of credentials using a weak encoding (base64), allowing an attacker on the network to sniff and decode credentials. Impact is credential exposure with potential lateral movement or unsup...
PT-2024-38563 · Unknown · Ewon Flexy 202
Name of the Vulnerable Software and Affected Versions: EWON FLEXY 202 (affected versions not specified). Description: The issue concerns the transmission of credentials using a weak encoding method, specifically base64. An attacker present in the network can intercept the traffic and decode the...
HMS EWON FLEXY 202 Security Vulnerability
HMS EWON FLEXY 202 is a multi-purpose IIoT data gateway from HMS Sweden. It allows machine builders and users to monitor and collect important KPIs for analysis and predictive maintenance. A security vulnerability exists in HMS EWON FLEXY 202 version 14.2s0 that stems from the use of the weak encodi...
CVE-2024-34542 Advantech ADAM-5630 Weak Encoding for Password
Advantech ADAM-5630 shares user credentials in plain text between the device and the user source device during the login process...
Advantech ADAM 5630
1. EXECUTIVE SUMMARY: CVSS v4 8.5. ATTENTION: Low attack complexity. Vendor: Advantech. Equipment: ADAM-5630. Vulnerabilities: Use of Persistent Cookies Containing Sensitive Information. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to hijack a...
Advantech ADAM-5550
1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Low attack complexity. Vendor: Advantech. Equipment: ADAM-5550. Vulnerabilities: Weak Encoding for Password, Cross-site Scripting. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow a remote attacker to intercept...
CVE-2024-42378
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-42378 Cross-Site Scripting (XSS) in eProcurement on S/4HANA
Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor...
CVE-2024-42378
CVE-2024-42378 affects SAP S/4HANA eProcurement. Root cause: weak encoding of user-controlled inputs enabling Reflected XSS. Impact is described as minor on confidentiality and integrity; no availability impact. Affected component is the eProcurement module within SAP S/4HANA; exploit details are...
CVE-2024-34685
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a...
CVE-2024-34685 [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a...
CVE-2024-5434 Weak Encoding for Password vulnerability in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were t...
Campbell Scientific CSI Web Server
1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Campbell Scientific. Equipment: CSI Web Server. Vulnerabilities: Path Traversal, Weak Encoding for Password. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an...
PT-2024-36224 · Campbell Scientific · Campbell Scientific Csi Web Server
Name of the Vulnerable Software and Affected Versions: Campbell Scientific CSI Web Server (affected versions not specified). Description: The issue concerns the storage of web authentication credentials in a file with a specific name. The passwords in this file are stored in a weakly encoded format,...
Campbell Scientific CSI Web Server Security Vulnerability
Campbell Scientific CSI Web Server is a web server from Campbell Scientific. A security vulnerability exists in Campbell Scientific CSI Web Server version 1.6 and prior versions, which originates when the password for a file is stored in a weakly encoded format, which allows an attacker to decode...
CVE-2024-23492
A weak encoding is used to transmit credentials for WS203VICM...
Code injection
A weak encoding is used to transmit credentials for WS203VICM...
CVE-2024-23492 Commend WS203VICM Weak Encoding for Password
A weak encoding is used to transmit credentials for WS203VICM...