
30 matches found

NVD
added 2025/10/22 7:15 a.m. · 3 views

CVE-2025-41722

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

7.5 CVSS · 0.00031 EPSS
Exploits: 0 · References: 1

CVE
added 2025/10/22 6:58 a.m. · 8 views

CVE-2025-41722

CVE-2025-41722: The set of connected sources confirms a vulnerability in the wsc server where a hard-coded certificate is used to verify SOAP messages. This configuration enables an unauthenticated remote attacker to extract private keys from the affected devices. The issue is tied to multiple a...

7.5 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/22 6:58 a.m. · 3 views

CVE-2025-41722 Sauter: Hard-coded Authentication Credentials

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

7.5 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/22 6:58 a.m. · 2 views

EUVD-2025-35352

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

7.5 CVSS · 6.5 AI score · 0.00031 EPSS
Exploits: 0 · References: 2

Github Security Blog
added 2025/10/15 8:12 p.m. · 5 views

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents

Impact: This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS (Instance Metadata Service) impersonation.^1 There are multiple...

6.9 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

Snyk
added 2025/10/15 8:12 p.m. · 1 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via improper verification of AWS EC2 identity documents in the aws-iid process. An attacker can cause the system to accept forged identity documents by providing documents with missing or invalid...

6.9 CVSS · 6.7 AI score · 0.00045 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-15998

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00137 EPSS
Exploits: 1 · References: 2

NVD
added 2025/05/21 1:16 p.m. · 8 views

CVE-2025-48417

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

6.5 CVSS · 0.00137 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2025/05/21 12:30 p.m. · 7 views

CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

7.1 AI score · 0.00137 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/05/21 12:30 p.m. · 14 views

CVE-2025-48417 Hard-Coded Certificate and Private Key for HTTPS Web Interface in eCharge Hardy Barth cPH2 / cPP2 charging stations

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin...

0.00137 EPSS
Exploits: 1 · References: 1

OSV
added 2024/05/03 3:15 a.m. · 1 views

CVE-2023-39465

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...

7.5 CVSS · 5.8 AI score · 0.00107 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-39465

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...

7.5 CVSS · 7.1 AI score · 0.00107 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/05/03 1:59 a.m. · 35 views

CVE-2023-39465 Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability

Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to explo...

7.5 CVSS · 7.5 AI score · 0.00107 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/04 12:00 a.m. · 2 views

PT-2023-4358 · Triangle Microworks · Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. The specific flaw exists within the TmwCrypto class, resulting...

7.8 CVSS · 6.5 AI score · 0.00107 EPSS
Exploits: 0 · References: 7

CVE
added 2023/07/05 6:02 p.m. · 48 views

CVE-2023-34338

AMI SPx BMC contains a hard-coded cryptographic key used by a hard-coded certificate in the BMC, enabling an attacker to affect confidentiality, integrity, and availability. The CVE-2023-34338 entry cites a HIGH/CRITICAL impact with CVSSv3.1 metrics (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and notes...

9.8 CVSS · 7.4 AI score · 0.00248 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/02/24 12:00 a.m. · 1 views

PT-2023-5840 · Triangle Microworks · Triangle Microworks Scada Data Gateway

Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway (affected versions not specified). Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. The specific flaw...

5.3 CVSS · 7.3 AI score · 0.00015 EPSS
Exploits: 0 · References: 8

OSV
added 2022/10/24 2:15 p.m. · 1 views

CVE-2021-4228

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...

7.4 CVSS · 5.8 AI score · 0.00814 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2022/10/24 12:00 a.m. · 2 views

PT-2022-11583 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.00.0. Description: The issue allows an attacker to perform Man-in-the-Middle (MitM) attacks, even when an HTTPS connection is present, due to the use of a hard-coded TLS certificate by default...

7.4 CVSS · 7.8 AI score · 0.00814 EPSS
Exploits: 0 · References: 3

CNVD
added 2019/07/24 12:00 a.m. · 2 views

AKUVOX NETWORKS R50P VoIP phone Trust Management Issue Vulnerability

AKUVOX NETWORKS R50P VoIP phone is an IP phone from AKUVOX NETWORKS, China. A trust management issue vulnerability exists in AKUVOX NETWORKS R50P VoIP phone version 50.0.6.156, which arises from the lack of an effective trust management mechanism in a networked system or product, and can be...

10 CVSS · 6.9 AI score · 0.00825 EPSS
Exploits: 1 · References: 1

CNVD
added 2019/06/13 12:00 a.m. · 1 views

WAGO Industrial Managed Switches 852-303, 852-1305 and 852-1505 Trust Management Issue Vulnerability

WAGO Industrial Managed Switches 852-303 and related models are industrial managed switches from the German company WAGO. A trust management issue exists in the WAGO Industrial Managed Switches 852-303 before 1.2.2.S0, 852-1305 before 1.1.6.S0, and 852-1505 before 1.1.5.S0, which can be exploited t...

10 CVSS · 7 AI score · 0.00548 EPSS
Exploits: 1 · References: 1