EUVD-2020-28690

Malware in sbrugna...

EUVD-2022-29216

Malicious code in bioql PyPI...

Johnson Controls exacqVision client and exacqVision server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Hitachi Energy FOXMAN-UN

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...

LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

Mitsubishi Electric GT25-WLAN

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27 Vulnerabilities: Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength,...

CVE-2022-24318

CVE-2022-24318 affects ClearSCADA (All Versions) and EcoStruxure Geo SCADA Expert 2019/2020. The root cause is CWE-326: Inadequate Encryption Strength, causing non‑encrypted communication with the server when using outdated ViewX clients. The CVSS metrics updated show an attacker‑friendly network...

Oracle Database Weak NNE Integrity Key Derivation Vulnerability

NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes MACs. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected. Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions:...

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31796 2. Vulnerability Description CyberArk...

GitHub Security Lab: [GO]: CWE-326: Insufficient key size

This bug was reported directly to GitHub Security Lab...

GitHub Security Lab: [Java] CWE-326: Query to detect weak encryption with an insufficient key size

This bug was reported directly to GitHub Security Lab...

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

CVE-2020-7565

CVE-2020-7565 affects Schneider Electric Modicon M221 PLCs (all versions) and is about Inadequate Encryption Strength (CWE-326). The root cause is weakness in cryptographic protection that could allow an attacker to break the encryption key when intercepting traffic between EcoStruxure Machine - ...

CVE-2020-7565

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller...

Mirion Technologies Telemetry Enabled Devices

CVSS v3 5.0 Vendor: Mirion Technologies Equipment: Telemetry Enabled Devices Vulnerabilities: Use of Hard-Coded Cryptographic Key, Inadequate Encryption Strength AFFECTED PRODUCTS The following telemetry enabled devices are affected: DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-3...

Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities

OVERVIEW Siemens has released a new version of SIMATIC STEP 7 TIA Portal to mitigate information disclosure vulnerabilities. These vulnerabilities were reported directly to Siemens by Dmitry Sklyarov and Gleb Gritsai from Positive Technologies. Siemens has produced a new version to mitigate these...