8046 matches found

CNVD
added 2015/12/02 12:0 a.m., 1 views

PCD Hardcoded Password Vulnerability in Multiple Saia Burgess Controls Products

Saia Burgess Controls PCD Controller is a family of programmable controllers for measurement, regulation and control tasks from Saia Burgess Controls, Switzerland. A security vulnerability exists in a number of Saia Burgess Controls products and stems from the program's use of hard-coded...

CVSS 10, AI score 7.1, EPSS 0.0102
Exploits 0, References 1
CERT
added 2015/11/30 12:0 a.m., 92 views

RSI Video Technologies Videofied security system Frontel software uses an insecure custom protocol

Overview RSI Video Technologies' Videofied security system uses a software named Frontel to monitor alarm status. Frontel uses an insecure custom protocol to communicate with its Frontel server. Description Frontel uses a custom protocol running on TCP port 888. The protocol performs an...

CVSS 5.9, AI score 5.2, EPSS 0.00497
Exploits 3, References 4
The Hacker News
added 2015/11/27 4:59 a.m., 29 views

Millions of IoT Devices Using Same Hard-Coded CRYPTO Keys

Millions of embedded devices, including home routers, modems, IP cameras, VoIP phones, are sharing the same hard-coded SSH (Secure Shell) cryptographic keys or HTTPS (HTTP Secure) server certificates that expose them to various types of malicious attacks. A new analysis by IT security consultancy SE...

AI score 7
Exploits 0
CNVD
added 2015/11/26 12:0 a.m., 2 views

Trust Management Vulnerability in Multiple Arris Devices

The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A security vulnerability exists in a number of Arris devices that stems from a program using hard-coded passwords based on serial numbers. The vulnerability can be exploited by a remote attacker to gain acce...

CVSS 9.3, AI score 7.2, EPSS 0.00588
Exploits 0, References 1
Tenable Nessus
added 2015/11/18 12:0 a.m., 17 views

Cisco MSE <= 8.0.120.7 Multiple Vulnerabilities

According to its self-reported version number, the Cisco MSE version installed on the remote host is prior to 8.0.120.7. It is, therefore, affected by multiple vulnerabilities : - A local privilege escalation vulnerability exists due to the program using insecure permissions for binary files duri...

CVSS 6.9, AI score 5.5, EPSS 0.00571
Exploits 0, References 4
Tenable Nessus
added 2015/11/17 12:0 a.m., 639 views

Janitza Hard-Coded FTP Password

The remote Janitza FTP server can be accessed with hard-coded credentials. A remote attacker can leverage the credentials to upload and download arbitrary files. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid86905; scriptversion"1.7"; scriptcvsdate"Date: 2018/11/15...

CVSS 7.5, AI score 5.8, EPSS 0.00387
Exploits 0, References 3
CNVD
added 2015/11/10 12:0 a.m., 1 views

SSH Key Vulnerability in Multiple Advantech Products

The Advantech EKI-122x-BE, EKI-132x, and EKI-136x are serial device networking servers from Advantech, China, that provide a variety of redundancy configurations and multiple access configurations for remotely monitoring serial devices via Ethernet communication protocols. A security vulnerabilit...

CVSS 10, AI score 7.2, EPSS 0.00325
Exploits 0, References 1
ThreatPost
added 2015/11/06 10:2 a.m., 8 views

Advantech Clears Hard-Coded SSH Keys from EKI Switches

Update Critical industrial switches used worldwide for automation contained hard-coded SSH keys that put devices and networks at risk. Advantech, a Taiwanese distributor, has developed new firmware for its EKI-122x series of products that disables HTTPS and SSH. SSH keys are a means by which...

AI score 0.4
Exploits 0, References 1
CNVD
added 2015/11/04 12:0 a.m., 1 views

HP ArcSight SmartConnector CWSAPI SOAP Service Using Hardcoded Passwords Vulnerability

HP ArcSight SmartConnector is a log collector product from Hewlett-Packard (HP), USA. A security vulnerability exists in the HP ArcSight SmartConnector's CWSAPI SOAP service that stems from the program's use of hard-coded passwords. An attacker could exploit the vulnerability to obtain administrato...

CVSS 6.9, AI score 6.8, EPSS 0.00517
Exploits 0, References 1
CERT
added 2015/11/03 12:0 a.m., 219 views

ZTE ZXHN H108N R1A routers contain multiple vulnerabilities

Overview ZTE ZXHN H108N R1A router, version ZTE.bhs.ZXHNH108NR1A.hPE, and ZXV10 W300 router, version W300V1.0.0fER1PE, contain multiple vulnerabilities. Description CWE-200: Information Exposure - CVE-2015-7248 Multiple information exposure vulnerabilities enable an attacker to obtain credentials...

CVSS 10, AI score 7.5, EPSS 0.38832
Exploits 4, References 5
CERT
added 2015/10/27 12:0 a.m., 43 views

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902 The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...

CVSS 6.9, AI score 6.7, EPSS 0.00517
Exploits 0, References 3
ICS
added 2015/10/16 6:0 a.m., 35 views

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

AI score 6.3
Exploits 0, References 10
CNVD
added 2015/10/14 12:0 a.m., 1 views

EMC SourceOne Email Supervisor Hard-Coded Password Vulnerability

EMC SourceOne Email Supervisor is an email and IM content monitoring and management solution. EMC SourceOne Email Supervisor suffers from a reverse engineering vulnerability in its implementation. An attacker could exploit this vulnerability to take control of an affected system via a hard-coded...

CVSS 6.8, AI score 6.9, EPSS 0.0018
Exploits 0, References 1
CNVD
added 2015/10/13 12:0 a.m., 1 views

Moxa OnCell Central Manager Server RequestController Remote Code Execution Vulnerability

Moxa OnCell Central Manager provides Web access to private IP network devices. A security vulnerability exists in the RequestController class of Moxa OnCell Central Manager in the login function that contains hard-coded credentials, which can be exploited by an attacker to compromise the affected...

AI score 7.4
Exploits 0, References 1
CNVD
added 2015/10/13 12:0 a.m., 3 views

ZOHO ManageEngine OpManager Hardcoded Credentials Vulnerability

ZOHO ManageEngine OpManager is network performance management software. A hard-coded credentials vulnerability exists in ZOHO ManageEngine OpManager. A remote attacker could exploit this vulnerability to gain administrator access...

CVSS 9, AI score 7.2, EPSS 0.77696
Exploits 3, References 1
CNVD
added 2015/10/03 12:0 a.m., 2 views

EasyIO EasyIO-30P-SF Controller Hardcoding Vulnerability

The EasyIO EasyIO-30P-SF is a 32-bit controller for DDC (Direct Digital Control) systems. The EasyIO EasyIO-30P-SF controller uses hard-coded passwords that allow remote attackers to exploit vulnerabilities for unauthorized access...

CVSS 9, AI score 7.1, EPSS 0.0067
Exploits 0, References 1
Zero Day Initiative
added 2015/09/29 12:0 a.m., 25 views

(0Day) Moxa OnCell Central Manager Server RequestController Static Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa OnCell Central Manager Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RequestController class. The specific flaw exists within the...

CVSS 7.5, AI score 8.9, EPSS 0.00373
Exploits 0, References 2
CNVD
added 2015/09/23 12:0 a.m., 1 views

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric Company (GE), U.S.A. GE Digital Energy MDS PulseNET is a suite of software applications for monitoring and controlling industrial communication network devices. Enterprise is an enterprise version of MD...

CVSS 9, AI score 8.7, EPSS 0.01506
Exploits 0, References 1
ICS
added 2015/09/17 6:0 a.m., 54 views

Adcon Telemetry A840 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified vulnerabilities in Adcon Telemetry’s A840 Telemetry Gateway Base Station. Adcon Telemetry has stated that the A840 is an obsolete product and is no longer supported. No patches or updates will be created for this product. Adcon Telemet...

CVSS 10, AI score 9, EPSS 0.0139
Exploits 0, References 10
seebug.org
added 2015/09/17 12:0 a.m., 103 views

TP-Link NC200/NC220 Wireless Network Cloud Camera Hard-Coded Vulnerability

TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi Hard-Coded Credentials Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: NC220 V1 1.0.28 Build 150629 Rel.22346 NC200 V1 2.0.15 Build 150701 Rel.20962 Summary: Designed with simplicity in mind, TP-LINK's...

AI score 7
Exploits 0