115 matches found
Hardcoded credentials
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
CVE-2021-45033
CVE-2021-45033 affects Siemens SICAM A8000 family: CP-8000 MASTER MODULE WITH I/O -25/+70°C (all versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (all versions < V16.20), CP-8021 MASTER MODULE (all versions < V16.20), and CP-8022 MASTER MODULE WITH GPRS (all versions
CVE-2021-45033
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
Siemens SICAM A8000 CP-8000 信任管理问题漏洞
The SICAM A8000 is used for automation applications in all areas of remote control and energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000, which can be exploited by an attacker to enable the debug port using default credentials...
Siemens SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a privileged user...
Design/Logic Flaw
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page...
CVE-2021-28112
Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...
Remote code execution
Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...
CVE-2021-28112
Vulnerability: Draeger X-Dock Firmware prior to 03.00.13 contains Active Debug Code on a debug port, enabling remote code execution by an authenticated attacker. Affected product: Draeger X-Dock Firmware (pre-03.00.13). Root cause: presence of debug code on a reachable port. Impact: remote code e...
maobugs
maobugs 喵喵喵 1.samples-web-1.2.4.war 为 shiro =1.2.4 硬编码漏洞的war包。说实在这个war真的是难打... 2.jdwp-shellifier-master.zip 自己调试的话使用 java -Xdebug -Xrunjdwp:transport=dtsocket,server=y,suspend=n,address=5005 -jar spring-boot-h2-0.0.1-SNAPSHOT.jar 打开jdwp端口 jdwp 端口开启了的话就能被rce ,详情解压文件readme。 这里并不是无条件rce。...
CVE-2020-15483
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...
Default credentials
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...
CVE-2020-15483
CVE-2020-15483 affects Nescomed Multipara Monitor M1000 devices. The issue is a passwordless, full-access shell via the physical UART debug port, granting local/physical access with high impact on confidentiality, integrity, and availability. Public documentation in NVD/Red Hat confirms the UART ...
CVE-2020-15483
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...
PT-2020-14450 · Nescomed · Nescomed Multipara Monitor M1000
Name of the Vulnerable Software and Affected Versions: Nescomed Multipara Monitor M1000 devices affected versions not specified Description: An issue was discovered where the physical UART debug port on the devices provides a shell without requiring a password, giving complete access...
Schneider Electric Tricon TCM Model Information Disclosure Vulnerability
Schneider Electric Tricon TCM Model 4351 and others are a communication module from Schneider Electric, France. An information disclosure vulnerability exists in the Schneider Electric Tricon TCM Model that stems from an older version of the program's debug port account being visible on the...
CVE-2020-7491
VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...
CVE-2020-7491
VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...
Design/Logic Flaw
VERSION NOT SUPPORTED WHEN ASSIGNED A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access. This vulnerability was remediated in TCM version 10.5.4...
CVE-2020-7491
CVE-2020-7491 is an improper access control flaw in Schneider Electric Triconex legacy equipment. A legacy debug port account in Tricon system TCMs (Models 4351/4352, 4351A/B, 4352A/B) installed in Tricon v10.0–10.5.3 is visible on the network, potentially allowing inappropriate access. This vuln...