MSC800 affected by hard-coded credentials vulnerability
The ICS-CERT reported a security vulnerability that affects MSC800 versions before 4.0. The MSC800 uses hard-coded credentials, which potentially allow low-skilled remote attackers to reconfigure settings and/or disrupt the functionality of the device. Currently SICK is not aware of any public...
Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Trust Management Issue Vulnerability
Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W-V4 are both smart cameras from China's Shenzhen Cylan Technology. A security vulnerability exists in the...
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
Hardcoded credentials
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2019-4689)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4689 advisory. - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Eric Dumazet Orabug: 29886601 CVE-2019-11477 - tcp: add tcp_min_snd_mss sysctl Eric Dumazet Orabug:...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4686)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4686 advisory. - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Eric Dumazet Orabug: 29886600 CVE-2019-11477 - tcp: add tcp_min_snd_mss sysctl Eric Dumazet Orabug:...
TCP SACK Panic - Linux Kernel Vulnerability
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kerne...
Polycom RealPresence Debut Information Disclosure Vulnerability
Polycom RealPresence Debut is an enterprise-grade small video conferencing solution from Polycom, Inc. A vulnerability with trust management issues exists in versions prior to Polycom RealPresence Debut 1.3.0-66872. The vulnerability stems from the lack of an effective trust management mechanism ...
WAGO Industrial Managed Switches 852-303, 852-1305 and 852-1505 Trust Management Issue Vulnerability (CNVD-2020-36950)
WAGO Industrial Managed Switches 852-303 and related models are industrial managed switches from the German company WAGO. A trust management issue vulnerability exists in the WAGO Industrial Managed Switches 852-303 prior to version 1.2.2.S0, 852-1305 prior to version 1.1.6.S0, and 852-1505 prior t...
WAGO Industrial Managed Switches 852-303, 852-1305 and 852-1505 Trust Management Issue Vulnerability
WAGO Industrial Managed Switches 852-303 and related models are industrial managed switches from the German company WAGO. A trust management issue exists in the WAGO Industrial Managed Switches 852-303 before 1.2.2.S0, 852-1305 before 1.1.6.S0, and 852-1505 before 1.1.5.S0, which can be exploited t...
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: Industrial Managed Switches 852-303, 852-1305, and 852-1505 Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known...
SAP Solution Manager Trust Management Issue Vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
CloudBees Jenkins JX Resources Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. JX Resources Plugin is used in one of the...
CloudBees Jenkins ElectricFlow Plugin Trust Management Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. ElectricFlow Plugin is used in one of the...
Optergy Proton/Enterprise Trust Management Issue Vulnerability
Optergy Proton/Enterprise is an enterprise building management system from Optergy USA. A vulnerability with trust management issues exists in Optergy Proton/Enterprise 2.3.0a and prior versions. The vulnerability stems from the lack of an effective trust management mechanism in a networked syste...
Moxa AWK-3121 Trust Management Issues Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A trust management issue vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by an attacker to attack the affected component with a default password or hard-coded passwords and hard-code...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
Hardcoded credentials
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229...
CVE-2019-4220
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229...
Optergy Proton Enterprise Building Management System
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Optergy Equipment: Proton/Enterprise Building Management System Vulnerabilities: Information Exposure, Cross-site Request Forgery, Unrestricted Upload of File with Dangerous Type, Open Redirect,...