Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

Overview Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines. Description CWE 798: ​Use of Hard-Coded...

CVE-2018-15389

Cisco Prime Collaboration Provisioning (PCP) contains a vulnerability in its install function that allows an unauthenticated, remote attacker to reach the administrative web interface by using a default hard-coded username/password used during install. This can grant administrator-level access. M...

Security Bulletin: IBM Security Key Lifecycle Manager Uses Hard-coded Credentials (CVE-2018-1742)

Summary IBMSecurity Key Lifecycle Manager contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Vulnerability Details CVEID: CVE-2018-1742...

Multiple vulnerabilities in Denbun

Overview Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Hard-coded credentials for the configuration management page CWE-798 - CVE-2018-0681 Improper session management...

JVN#00344155: Multiple vulnerabilities in Denbun

Denbun provided by NEOJAPAN Inc. is a WebMail System. Denbun contains multiple vulnerabilities listed below. Hard-coded credentials for user account CWE-798 - CVE-2018-0680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2|...

Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection

Collectric CMU 1.0 - lang Hard-Coded Credentials SQL injection Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Teste...

Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection

Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About: Collectric CMU is a Swedish made...

POSIM EVO for Windows Arbitrary Code Execution Vulnerability

POSIM EVO for Windows is a point-of-sale POS and inventory management system. The system includes features such as customer information management, email marketing and inventory management. An arbitrary code execution vulnerability exists in version 15.13 of POSIM EVO for Windows-based platforms,...

PLANEX CS-QR20 Hardcoded Voucher Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...

Hard-coded credential vulnerability in multiple Philips products

Philips PageWriter TC10 Cardiograph and others are different models of electrocardiograph equipment from Philips Netherlands. A security vulnerability exists in a number of Philips products that stems from the program's use of hard-coded credentials. An attacker in close physical proximity could...

Hughes Broadband Satellite Modems Multiple Vulnerabilities

Hughes Broadband Satellite Modem is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Multiple vulnerabilities in multiple I-O DATA network camera products

Overview Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Insufficient Verification of Data Authenticity CWE-345 - CVE-2018-0662 Use of Hard-coded Credentials...

JVN#83701666: Multiple vulnerabilities in multiple I-O DATA network camera products

Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. Permissions, Privileges, and Access Controls CWE-264 - CVE-2018-0661 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 6.3 CVSS v2|...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could...

CVE-2018-10592

CVE-2018-10592 affects Yokogawa STARDOM controllers: FCJ (R4.02 and prior), FCN-100 (R4.02 and prior), FCN-RTU (R4.02 and prior), and FCN-500 (R4.02 and prior); updates show affected families also include R4.10 and prior. Root cause is use of hard-coded credentials that could allow an attacker to...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...