SysAid Help Desk Built-in Password Vulnerability

SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk uses a hard-coded password, username: sa, password: Password1, through which remote attackers bypass access restrictions...

Many Drug Pumps Open to Variety of Security Flaws

In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities...

Toshiba CHEC contains a hard-coded cryptographic key

Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...

EasyIO-30P-SF Hard-Coded Credential Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a hard-coded credential vulnerability in the EasyIO-30P-SF controller. EasyIO has produced a...

Unspecified Vulnerability in LIXIL Corporation My SATIS Genius Toilet Application

LIXIL Corporation My SATIS Genius Toilet application for Android is an Android-based application for controlling the SATIS series of toilets from LIXIL Japan. A security vulnerability exists in the LIXIL Corporation My SATIS Genius Toilet application for Android platform, which arises from the...

SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability

OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-15-181-02 SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability that was published September 3, 2015, on the NCCIC/ICS-CERT web site. Aleksandr Timorin of PT Security has identified a hard-coded account...

Hospira MedNet Hardcoded Key Vulnerability

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses hard-coded keys that allow attackers to intercept encrypted communications from syringe pumps...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both an embedded HMI software package from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

SerVision HVG Security Bypass Vulnerability

SerVision HVG Video Gateway is an intelligent video gateway product from SerVision Israel. A security vulnerability exists in SerVision HVG Video Gateway versions prior to 2.2.26a78, which stems from the program's use of a hard-coded administrator password. A remote attacker can exploit this...

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, andCWE-284: Improper Access Control - CVE-2015-0929By visiting time.htm, a user is issued a...

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

The parade of easily exploitable, critical vulnerabilities in ICS software shows no signs of ending anytime soon, with the latest entrant being two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway that allow unauthenticated remote access to the device’s FTP server and configuration...

Barracuda Load Balancer ADC Key Recovery / Password Reset Vulnerabilities

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. There is an ability to recover the file system encryption keys via simil cold-boot attack, an off-line super user password reset via physical attack, hard-coded credential and hard-coded ssh key...

Ceragon FiberAir IP-10 Hardcoded Credentials Security Bypass Vulnerability

The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in the hard-coded credentials of the Ceragon FiberAir IP-10, which could be exploited by an attacker to bypass certain authentication to access the device...

GE Ethernet Switches Have Hard-Coded SSL Key

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number...

OS X 10.9.x - sysmond XPC Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...

Hospira MedNet Vulnerabilitie

OVERVIEW Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities. Three of the four vulnerabilities could...

Netcore (Netis) Router 53413/UDP Backdoor Service Vulnerability

Netcore is a Shenzhen Lei Ke network communications producer, the main products involved in wireless routers, wireless network cards, network cards, hubs, switches, broadband routers, Layer 2, 3 and 4 switches, optical terminals. A large number of Netcore/Netis router products in the implementati...

CVE-2014-8518

The 1 Removable Media and 2 CD and DVD encryption offsite access options formerly Endpoint Encryption for Removable Media or EERM in McAfee File and Removable Media Protection FRP 4.3.0.x, and Endpoint Encryption for Files and Folders EEFF 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

CVE-2014-8518

The 1 Removable Media and 2 CD and DVD encryption offsite access options formerly Endpoint Encryption for Removable Media or EERM in McAfee File and Removable Media Protection FRP 4.3.0.x, and Endpoint Encryption for Files and Folders EEFF 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...