31 matches found
CVE-2020-7567
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
EUVD-2020-28692
Malware in sbrugna...
EUVD-2020-20700
Malware in sbrugna...
EUVD-2020-20701
Malware in sbrugna...
EUVD-2022-35443
Malicious code in bioql PyPI...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
BD Alaris System with Guardrails Suite MX
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities : Insufficient Verification of Data Authenticity, Missing...
Schneider Electric Wiser Smart Missing Encryption of Sensitive Data (CVE-2022-30237)
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior This plugin only works with Tenable.ot. Please visit...
Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability
Talos Vulnerability Report TALOS-2022-1598 Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability March 21, 2023 CVE Number CVE-2022-38458 SUMMARY A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5....
Schneider Electric Modicon M221 Programmable Logic Controller Missing Encryption of Sensitive Data (CVE-2020-7567)
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...
Baxter Sigma Spectrum Infusion Pump (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 3 --------- CVSS v3 7.5 --------- End Update A part 1 of 3 --------- ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Sigma and Baxter Spectrum Infusion Pumps Vulnerabilities: Missing Encryption of Sensitive Data, Use of Externally...
CVE-2022-30237
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30237
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
CVE-2022-30237
The CVE-2022-30237 vulnerability concerns Schneider Electric Wiser Smart and related EER21000/EER21001 versions (V4.5 and prior) with a CWE-311 Missing Encryption of Sensitive Data issue. The root cause is lack of encryption allowing authentication credentials to be recovered if an attacker break...
JVN#19826500: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability CWE-311. Impact A user who can physically access the products may obtain the stored passwords. Solution Stop using the products The developer states that the products are no longer...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability CWE-311 in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...
Siemens Climatix POL909 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 AWM and AWB modules --------- End Update A Part 1 of 3 --------- Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION...
CVE-2020-28217
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
CVE-2020-28216
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...
Code injection
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 firmware 2.7 and older, that would allow an attacker to read network traffic over HTTP protocol...