Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Use of Hard-Coded Credentials (CVE-2018-7241)

Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVE-2023-2611 Advantech R-SeeNet Use of Hard-coded Credentials

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users...

CVE-2023-2611 Advantech R-SeeNet Use of Hard-coded Credentials

Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users...

PT-2023-3302 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.22 Description: The issue is related to the use of hard-coded credentials in Advantech R-SeeNet. This allows a remote attacker to exploit the vulnerability and gain elevated privileges. The software comes with a...

CVE-2023-32274

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...

CVE-2023-32274

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...

CVE-2023-32274

CVE-2023-32274 affects Enphase Installer Toolkit for Android, version 3.27.0, due to hard-coded credentials embedded in the binary. This is described as a trust/credential management issue that could allow an attacker to gain access to sensitive information. The ICS advisory ICSA-23-171-02 confir...

CVE-2023-32274 Enphase Installer Toolkit Android App Use of Hard-coded Credentials

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...

Enphase Energy Installer Toolkit 信任管理问题漏洞

Enphase Energy Installer Toolkit is an installer toolkit from Enphase Energy, USA. Enphase Energy Installer Toolkit version 3.27.0 suffers from a trust management issue vulnerability that stems from hard-coded credentials embedded in the binary code of an Android application. An attacker could...

PT-2023-23694 · Enphase · Enphase Installer Toolkit

Name of the Vulnerable Software and Affected Versions: Enphase Installer Toolkit version 3.27.0 Description: The issue concerns hard-coded credentials embedded in the binary code of the Android application. An attacker can exploit this to gain access to sensitive information. Recommendations: For...

Eaton Power Xpert Meter Use of Hard-coded Credentials (CVE-2018-16158)

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins to uid 0 via the PubkeyAuthentication...

Siemens CP-8031 信任管理问题漏洞

The SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A hard-coded credentials vulnerability exists in the Siemens SICAM A8000 Devices CPCI85 Firmware, which can be exploited by an attacker to log...

PT-2023-4274 · Unknown · Cp-8050 Master Module +1

Name of the Vulnerable Software and Affected Versions: CP-8031 MASTER MODULE versions prior to CPCI85 V05 CP-8050 MASTER MODULE versions prior to CPCI85 V05 Description: A vulnerability has been identified that involves the use of hard-coded credentials in the firmware of the affected devices. Th...

Siemens SICAM A8000 Devices

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials

Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for...

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials Vulnerability

Anevia Flamingo XL/XS versions 3.6.20 and 3.2.9 have a weak set of default and hardcoded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page:...

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account...

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...

Hardcoded credentials

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via F...