18 matches found
EUVD-2023-12505
Malicious code in bioql PyPI...
EUVD-2023-12506
Malicious code in bioql PyPI...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on June 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-173-02 Advantech R-SeeNet ICSA-23-173-03 SpiderControl SCADAWebServer ICSA-23-026-02...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
Command injection
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
Design/Logic Flaw
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Summary of CVE-2023-0452 : Econolite EOS before 3.2.23 uses a weak hash (MD5) to encrypt privileged credentials in a configuration file that is accessible without authentication. This can expose administrator/technician credentials and related data. The issue is documented in multiple connected s...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
CVE-2023-0451
CVE-2023-0451 affects Econolite EOS; EOS versions prior to 3.2.23 lack a password requirement for READONLY access to log files and certain databases/configuration files. Affected files reportedly contain MD5-hashed credentials and usernames for all defined users (including admins/techs), reflecti...
CVE-2023-0451
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and...
Econolite EOS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Econolite Equipment: EOS Vulnerability: Improper Access Control, Use of Weak Hash 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-026-02 Econolite EOS...
Econolite EOS traffic control software 加密问题漏洞
Econolite EOS traffic control software is Econolite's traffic control software that controls all Econolite traffic hardware. A vulnerability in encryption issues exists in Econolite EOS traffic control software prior to version 3.2.23, which stems from its use of a weak hash algorithm to encrypt...
Econolite EOS traffic control software 访问控制错误漏洞
Econolite EOS traffic control software is Econolite's traffic control software that controls all Econolite traffic hardware. An access control error vulnerability exists in Econolite EOS traffic control software prior to version 3.2.23, which stems from improper access control and a lack of a...