3819 matches found

Cvelist
added 2022/04/07 6:22 p.m. | 43 views

CVE-2022-26671 TAIWAN SECOM CO., LTD., a xDoor Access Control and Personnel Attendance Management system - Hard-coded Credentials

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...

CVSS 7.3 | AI score 7.2 | EPSS 0.00911
Exploits: 0 | References: 1
BDU FSTEC
added 2022/04/07 12:0 a.m. | 4 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to increase their privileges.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, stems from the use of hard-coded user credentials. Exploiting this vulnerability could all...

CVSS 7.1 | AI score 7.7 | EPSS 0.00931
Exploits: 0 | References: 2
ICS
added 2022/04/07 12:0 a.m. | 148 views

Pepperl+Fuchs WirelessHART-Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pepperl+Fuchs Equipment: WirelessHART-Gateway Vulnerabilities: Use of Hard-coded Credentials, Uncontrolled Resource Consumption, Reliance on Reverse DNS Resolution for a Security-critical Action, Path...

CVSS 9.8 | AI score 8.6 | EPSS 0.99019
Exploits: 20 | References: 5
Tenable Nessus
added 2022/04/04 12:0 a.m. | 55 views

Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-21194)

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. This plugin only works with...

CVSS 9.8 | AI score 8.3 | EPSS 0.00931
Exploits: 0 | References: 3
CNNVD
added 2022/04/03 12:0 a.m. | 3 views

Schneider Electric ConneXium Tofino Firewall and Schneider Electric Belden Tofino Xenon Security Appliance trust management issue vulnerability

Schneider Electric ConneXium Tofino Firewall and Schneider Electric Belden Tofino Xenon Security Appliance are both products of Schneider Electric, a French company. The Schneider Electric ConneXium Tofino Firewall is a firewall appliance and the Schneider Electric Belden Tofino Xenon Security...

CVSS 9.8 | AI score 8.3 | EPSS 0.00865
Exploits: 0 | References: 4
CNNVD
added 2022/04/01 12:0 a.m. | 4 views

GitLab Community Edition and GitLab Enterprise Edition trust management issue vulnerability

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. A trust management issue vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to the presence of hard-coded credentials in...

CVSS 9.8 | AI score 8.7 | EPSS 0.76177
Exploits: 3 | References: 9
Tenable Nessus
added 2022/03/30 12:0 a.m. | 44 views

Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-23402)

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8 | AI score 7.2 | EPSS 0.00958
Exploits: 0 | References: 3
CNNVD
added 2022/03/30 12:0 a.m. | 3 views

Baicells Nova436Q and Neutrino 430 trust management issue vulnerability

The Baicells Nova436Q and Baicells Neutrino 430 are both products of Baicells Incorporated, U.S.A. The Baicells Nova436Q is a state-of-the-art dual-carrier outdoor eNodeB (eNB). The Baicells Neutrino 430 is a dual-carrier pico-microcell. A security vulnerability exists in the firmware of the Baicell...

CVSS 9.8 | AI score 8.3 | EPSS 0.03266
Exploits: 0 | References: 4
ICS
added 2022/03/24 12:0 a.m. | 231 views

Yokogawa CENTUM and Exaopc

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM and Exaopc Vulnerabilities: Use of Hard-coded Credentials, Relative Path Traversal, Improper Output Neutralization for Logs, OS Command Injection, Permissions, Privileges...

CVSS 9.8 | AI score 9.1 | EPSS 0.01017
Exploits: 0 | References: 4
OSV
added 2022/03/21 11:15 a.m. | 4 views

CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page...

CVSS 9.8 | AI score 5.8 | EPSS 0.01082
Exploits: 0 | References: 1
NVD
added 2022/03/21 11:15 a.m. | 22 views

CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page...

CVSS 9.8 | EPSS 0.01082
Exploits: 0 | References: 1
CVE
added 2022/03/21 10:38 a.m. | 62 views

CVE-2021-45877

CVE-2021-45877 affects multiple GARO Wallbox GLB/GTB/GTC versions; root cause is a hard-coded credential in /etc/tomcat8/tomcat-user.xml that allows attackers to gain authorized access and take full control of Tomcat on port 8000 (Tomcat manager page). The connected sources corroborate the impact...

CVSS 9.8 | AI score 9.4 | EPSS 0.01082
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/21 10:38 a.m. | 26 views

CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hard-coded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page...

AI score 9.7 | EPSS 0.01082
Exploits: 0 | References: 1
OSV
added 2022/03/16 3:15 p.m. | 2 views

CVE-2022-25246

Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 2
NVD
added 2022/03/16 3:15 p.m. | 9 views

CVE-2022-25246

Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | EPSS 0.01737
Exploits: 0 | References: 2
Vulnrichment
added 2022/03/16 2:3 p.m. | 5 views

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | AI score 9.3 | EPSS 0.01737
Exploits: 0 | References: 2
CVE
added 2022/03/16 2:3 p.m. | 88 views

CVE-2022-25246

CVE-2022-25246 affects the PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The vulnerability is due to the use of hard-coded credentials for the UltraVNC installation, which could enable a remote, authenticated attacker to take full remote control of the host OS. The related ...

CVSS 9.8 | AI score 9.1 | EPSS 0.01737
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2022/03/16 2:3 p.m. | 16 views

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | AI score 9.3 | EPSS 0.01737
Exploits: 0 | References: 2
OSV
added 2022/03/10 5:47 p.m. | 2 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 6.8 | AI score 5.8 | EPSS 0.00363
Exploits: 1 | References: 1
ATTACKERKB
added 2022/03/10 5:47 p.m. | 3 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2 | AI score 6.7 | EPSS 0.00363
Exploits: 1 | References: 2