EUVD-2024-35880

Malicious code in bioql PyPI...

EUVD-2024-35879

Malicious code in bioql PyPI...

Westermo EDW-100 Insufficiently Protected Credentials (CVE-2024-36081)

Westermo EDW-100 allows an unauthenticated GET request that can download the configuration-file that contains the configuration, username, and passwords in clear-text. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Westermo EDW-100 Use of Hard-Coded Password (CVE-2024-36080)

Westermo EDW-100 has a hidden administrator account with a hardcoded password. In the firmware package, in 'image.bin', the username root and the password for this account are both hard-coded and exposed as strings that can trivially be extracted. Currently there is no way to change this password...

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

The vulnerability of microprogrammed software in serial interface industrial converters of the Ethernet Westermo EDW-100, related to the storage of passwords as plain text, allows a hacker to disclose information about the user’s name and password for any user account.

The vulnerability of the microprogrammed industrial converter’s serial interface Ethernet implementation, the Westermo EDW-100, lies in the storage of passwords as plain-text files in the configuration file. Exploiting this vulnerability allows a malicious actor to obtain information about the...

The vulnerability of the image.bin file in the microprogramming software of the Ethernet serial interface converter Industrial Transformer Westermo EDW-100 allows a hacker to disclose user name and password information for the root account.

The vulnerability of the image.bin file in the microprogramming software of the Ethernet serial interface converter Westermo EDW-100 is related to the use of rigidly encrypted login credentials. Exploiting this vulnerability can allow a malicious actor to obtain information such as the username a...

Westermo EDW-100

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : EDW-100 Vulnerabilities : Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36080

Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

Westermo EDW-100 安全漏洞

The Westermo EDW-100 is a serial Ethernet converter from Westermo Sweden. A security vulnerability exists in the Westermo EDW-100 version 2024-05-03 and earlier, which stems from the presence of a hard-coded password...

Westermo EDW-100 安全漏洞

The Westermo EDW-100 is a serial Ethernet converter from Westermo Sweden. A security vulnerability exists in the Westermo EDW-100 version 2024-05-03 and earlier, which originates from allowing an unauthenticated user to download a configuration file containing a password in clear text...

PT-2024-4479 · Westermo · Westermo Edw-100

Name of the Vulnerable Software and Affected Versions: Westermo EDW-100 devices through 2024-05-03 Description: The issue is related to the storage of a password in cleartext in a configuration file. An unauthenticated user can download this configuration file, potentially revealing the username...