Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations

Overview Henry Schein Dentrix G5, a dental practice management software suite, uses hard-coded database access credentials that are shared across multiple installation sites. An attacker who is able to obtain the credentials for one site may be able to gain access to other sites using the same...

Siemens WinCC 7.2 Multiple Vulnerabilities

OVERVIEW This advisory provides mitigation details for vulnerabilities that impact the Siemens WinCC Web Navigator 7.2. Researchers Alexander Tlyapov, Sergey Gordeychik, and Timur Yunusov of Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC Web Navigator 7.2...

PT-2013-43: Hard-coded credentials in Siemens WinCC and SIMATIC PCS 7

The specialists of the Positive Research center have detected a vulnerability in Siemens WinCC and SIMATIC PCS 7 related to hard-coded credentials used in the login system . Attackers with network access and knowledge of the credentials could log into the Web Navigator Web applications as an...

TURCK BL20 and BL67 Programmable Gateway Hard-Coded User Accounts

OVERVIEW Researcher Rubén Santamarta of IOActive has identified hard-coded user accounts in TURCK’s BL20 and BL67 Programmable Gateways. Exploitation of this vulnerability would allow an attacker to have remote administrative access to the device. This vulnerability affects programmable gateways...

Schneider Electric Quantum Ethernet Module Hard-Coded Credentials

OVERVIEW --------- Begin Update B Part 1 of 3 -------- This updated advisory is a follow-up to the updated advisory titled ICSA-12-018-01A Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on June 04, 2013, on the ICS-CERT Web site. It is also a follow-up to the...

CVE-2012-4933

The rtrlet web application in the Web Console in Novell ZENworks Asset Management ZAM 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the 1 GetFilePassword and 2 GetConfigInfoPassword operations, which allows remote attackers to obtain sensitive information via a...

CVE-2012-4933

The rtrlet web application in the Web Console in Novell ZENworks Asset Management ZAM 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the 1 GetFilePassword and 2 GetConfigInfoPassword operations, which allows remote attackers to obtain sensitive information via a...

BigPond 3G21WB Multiple Vulnerabilities

Exploit for hardware platform in category web applications Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection...

BigPond 3G21WB - Multiple Vulnerabilities

BigPond 3G21WB - Multiple Vulnerabilities Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPo...

BigPond 3G21WB security vulnerabilities

Hard coded credentials, commands injection...

BigPond 3G21WB - Multiple Vulnerabilities

Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB Discovery date: 17/09/2012 Relea...

SCADA Hacking : Exploit released to Hack Solar Energy Plants

ICS-CERT - Industrial Control Systems Cyber Emergency Response Team has released the Advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. They Report about report multiple vulnerabilities with proof-of-concept PoC exploit code that affecting the Sinapsi eSolar Ligh...

BigPond 3G21WB Hardcoded Credentials / Command Injection

Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB ============================================================================== ADVISORY INFORMATION Title: Hard-coded credentials and command-injection vulnerabilities on BigPond 3G21WB Discovery date: 17/09/2012 Relea...

Carlo Gavazzi EOS Box Multiple Vulnerabilities

Overview This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...

Sinapsi Devices Vulnerabilities

Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...

Korenix Jetport 5600 Series Hard-coded Credentials

Overview This advisory provides mitigation details for a vulnerability that impacts the Korenix JetPort 5600. Independent researcher Reid Wightman of Digital Bond identified undocumented hard-coded root credentials in the firmware of the Korenix JetPort 5600 system application without coordinatio...

HP SAN/iQ < 9.5 Root Shell Command Injection

The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...

Backdoor In Equipment Used For Traffic Control, Railways Called "Huge Risk"

UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical...

WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (HTTP)

WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...

WAGO I/O System 758 Series Hard-Coded Credentials Vulnerability (Telnet)

WAGO I/O System 758 series devices are using a set of hard-coded credentials. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program i...