CVE-2020-7492

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded...

EUVD-2020-28644

Malware in sbrugna...

EUVD-2020-28617

Malware in sbrugna...

EUVD-2022-35584

Malicious code in bioql PyPI...

CVE-2024-42156

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

Red Lion DA50N

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials 2...

Hitachi Energy XMC20 and FOX61x

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 and FOX61x Vulnerabilities: Weak Password Requirements, Missing Handler 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Design/Logic Flaw

A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder Version 1.4.7.2 and older which could allow an attacker to compromise a user account...

CVE-2020-7519

CVE-2020-7519 affects Schneider Electric’s Easergy Builder (versions ≤ 1.4.7.2). The vulnerability is a CWE-521 weak password requirement, which could allow a local attacker to compromise a user account. The connected documents confirm the same affected product/version and vulnerability class but...

CVE-2020-7492

GP-Pro EX (Schneider Electric) vulnerable from v1.00 through v4.09.100 (also stated for up to v4.09.120 in CNVD) due to CWE-521 weak password requirements: passwords can be discovered as user types because input isn’t masqueraded. Impact: password disclosure. Root cause: lack of masking during pa...

CVE-2020-7492

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded...

Philips iSite and IntelliSpace PACS

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact...

Janitza UMG Power Quality Measuring Products Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on September 22, 2015, and is being released to the NCCIC/ICS-CERT web site. Mattijs van Ommeren of Applied Risk has identified several vulnerabilities in the Janitza UMG power quality measuring products. Janitza ha...