CVE-2024-22313 IBM Storage Defender - Resiliency Service information disclosure
IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749...
CVE-2024-22313
Affected product: IBM Storage Defender - Resiliency Service (2.0). Root cause: hard-coded credentials used for inbound authentication, outbound communication, or internal data encryption. Impact (as stated): information disclosure with local access risk (confidentiality impact). Remediation: IBM’...
PT-2024-19336 · IBM · IBM Storage Defender - Resiliency Service
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service version 2.0. Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used by IBM Storage Defender - Resiliency Service for inbound authentication, outbound...
Security Bulletin: Kubernetes secrets in IBM Storage Defender Connection Manager on-prem environment are not encrypted by default (CVE-2023-50957, CVE-2024-22312, CVE-2024-22313)
Summary: Kubernetes secrets in the IBM Storage Defender Connection Manager on-premises environment OVA are obfuscated using base64 encoding instead of being encrypted. An attacker who has gained root access to the environment can read the secrets from the Kubernetes configuration. The...
CVE-2024-21764
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port...
PT-2024-1903 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: Totolink X6000R version 9.4.0cu.852 B20230719. Description: A vulnerability was found in the file /etc/shadow of the Totolink X6000R, which is related to the use of hard-coded credentials. The manipulation of this vulnerability can lead to...
CVE-2024-21764 Use of Hard-Coded Credentials in Rapid SCADA
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port...
CVE-2024-21764
CVE-2024-21764 affects Rapid SCADA, specifically versions prior to 5.8.4. The issue is caused by the use of hard-coded credentials, which may allow a remote attacker to connect to a specific port and, according to the PT-2024-1449 entry, could enable full control of the system. Remediation guidan...
CVE-2023-46706 MachineSense FeverWarn Use of Hard-coded Credentials
Multiple MachineSense devices have credentials that cannot be changed by the user or administrator...
CVE-2024-1039
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard-coded credentials and, if exploited, could allow an attacker control over the web management of the device...
Gessler GmbH WEB-MASTER Authorization Issue Vulnerability
Gessler GmbH WEB-MASTER is an emergency lighting management system from Gessler GmbH, Germany. A security vulnerability exists in Gessler GmbH WEB-MASTER version 7.9, which stems from the use of weak hard-coded credentials to recover accounts, and which could be exploited by an attacker to take...
PT-2024-16239 · Gessler GmbH · WEB-MASTER
Name of the Vulnerable Software and Affected Versions: Gessler GmbH WEB-MASTER (affected versions not specified). Description: The issue concerns a restoration account in Gessler GmbH WEB-MASTER that utilizes weak, hard-coded credentials. If exploited, this could grant an attacker control over the...
MachineSense FeverWarn Trust Management Issues Vulnerability
MachineSense FeverWarn is a temperature detection device from MachineSense. MachineSense FeverWarn is vulnerable to a trust management issue that stems from the use of hard-coded credentials...
IBM eFilm Workstation Trust Management Issues Vulnerabilities
IBM eFilm Workstation is a software application for viewing medical images from International Business Machines (IBM). A security vulnerability exists in IBM eFilm Workstation that stems from the presence of a hard-coded credentials vulnerability. An unauthenticated, remote attacker could exploit...
MachineSense FeverWarn
1. EXECUTIVE SUMMARY. CVSS v3 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn. Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...