Teracue ENC-400 Command Injection / Missing Authentication

Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the...

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

CVE-2018-18998

LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...

CVE-2018-18998

LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...

CVE-2018-18998

LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credentials, which may allow an attacker unauthorized access to the system with high privileges...

CVE-2018-18998

The CVE-2018-18998 vulnerability affects LCDS Laquis SCADA prior to version 4.1.0.4150, due to hard-coded credentials that may allow an attacker to gain unauthorized high-privilege access. Public documents confirm the affected product (LAquis SCADA) and the root cause (hard-coded credentials), wi...

CVE-2018-5560

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device...

CVE-2018-5560 Guardzilla All-In-One Video Security System Hard-Coded Credential

A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device...

Security Bulletin: Backdoor Access Vulnerability in IBM System Networking Products (CVE- 2014-4752)

Summary Backdoor access discovered on IBM System Networking Switches Vulnerability Details Abstract Backdoor access discovered on IBM System Networking Switches Content Vulnerability Details: CVEID: CVE-2014-4752 Descriptoin: It has been reported that the firmware that runs on some of the IBM...

Schneider Electric EVLink Parking

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

IDenticard PremiSys (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed Vendor: IDenticard Equipment: PremiSys Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength 2...

Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1959, CVE-2018-1962, CVE-2018-1970)

Summary IBM Security Identity Manager VA ISIM VA has addressed the following vulnerabilities due to hard-coded credentials, the lack of proper session termination, and XML external entity injection. Vulnerability Details CVEID: CVE-2018-1959 DESCRIPTION: IBM Security Identity Manager Virtual...

IBM Security Identity Manager Virtual Appliance Information Disclosure Vulnerability (CNVD-2019-07175)

IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...

CVE-2018-1959

IBM Security Identity Manager Virtual Appliance 7.0.1 is affected by CVE-2018-1959 due to hard-coded credentials used for inbound authentication/outbound communication or data encryption. Affected versions: 7.0.1 – 7.0.1.10. Impact per IBM: Confidentiality impact high; other impacts not reported....

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...

CVE-2018-1959

IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633...

Schneider Electric IIoT Monitor Encryption Issue Vulnerability

Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric France. Schneider Electric IIoT Monitor is vulnerable to an encryption issue that stems from the program's use of hard-coded keys. An attacker could exploit the vulnerability to decrypt the administrator password...

CVE-2019-3908

Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...