Lucene search

8031 matches found

CNVD
added 2015/04/02 12:0 a.m., 2 views

Hospira MedNet Hardcoded Key Vulnerability

MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses hard-coded keys that allow attackers to intercept encrypted communications from syringe pumps...

CVSS 6.8, AI score 6.9, EPSS 0.00678
Exploits 0, References 1
CNVD
added 2015/03/30 12:0 a.m., 1 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)

Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric (France). A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...

CVSS 2.1, AI score 6.3, EPSS 0.00062
Exploits 0, References 1
CNVD
added 2015/02/04 12:0 a.m., 2 views

SerVision HVG Security Bypass Vulnerability

SerVision HVG Video Gateway is an intelligent video gateway product from SerVision Israel. A security vulnerability exists in SerVision HVG Video Gateway versions prior to 2.2.26a78, which stems from the program's use of a hard-coded administrator password. A remote attacker can exploit this...

CVSS 10, AI score 7.1, EPSS 0.00467
Exploits 1, References 1
CERT
added 2015/02/02 12:0 a.m., 36 views

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, and CWE-284: Improper Access Control - CVE-2015-0929 By visiting time.htm, a user is issued a...

CVSS 10, AI score 7, EPSS 0.01019
Exploits 1, References 4
Packet Storm
added 2015/01/29 12:0 a.m., 57 views

Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation

Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...

AI score 7.4
Exploits 0
ThreatPost
added 2015/01/21 10:17 a.m., 13 views

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

The parade of easily exploitable, critical vulnerabilities in ICS software shows no signs of ending anytime soon, with the latest entrant being two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway that allow unauthenticated remote access to the device’s FTP server and configuration...

AI score 2.9
Exploits 0, References 1
0day.today
added 2015/01/21 12:0 a.m., 56 views

Barracuda Load Balancer ADC Key Recovery / Password Reset Vulnerabilities

Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. There is an ability to recover the file system encryption keys via simil cold-boot attack, an off-line super user password reset via physical attack, hard-coded credential and hard-coded ssh key...

CVSS 7.5, AI score 9.3, EPSS 0.00937
Exploits 1
CNVD
added 2015/01/20 12:0 a.m., 1 views

Ceragon FiberAir IP-10 Hardcoded Credentials Security Bypass Vulnerability

The Ceragon FiberAir IP-10 is a wireless microwave device. A security vulnerability exists in the hard-coded credentials of the Ceragon FiberAir IP-10, which could be exploited by an attacker to bypass certain authentication to access the device...

CVSS 7.8, AI score 7, EPSS 0.00869
Exploits 2, References 1
ThreatPost
added 2015/01/14 9:24 a.m., 10 views

GE Ethernet Switches Have Hard-Coded SSL Key

There is a hard-coded private SSL key present in a number of hardened, managed Ethernet switches made by GE and designed for use in industrial and transportation systems. Researchers discovered that an attacker could extract the key from the firmware remotely. The vulnerability exists in a number...

AI score 1.9
Exploits 0, References 2
0day.today
added 2015/01/10 12:0 a.m., 21 views

OS X 10.9.x - sysmond XPC Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...

AI score 6.8
Exploits 0
ICS
added 2015/01/01 7:0 a.m., 68 views

Hospira MedNet Vulnerabilities

OVERVIEW Independent researcher Billy Rios has identified four vulnerabilities in Hospira’s MedNet server software. Hospira has released a new version of the MedNet software and provided mitigation recommendations that mitigate the reported vulnerabilities. Three of the four vulnerabilities could...

CVSS 10, AI score 10, EPSS 0.01682
Exploits 0, References 10
CNVD
added 2014/12/31 12:0 a.m., 1 views

Netcore (Netis) Router 53413/UDP Backdoor Service Vulnerability

Netcore (Shenzhen Lei Ke) is a network communications manufacturer whose main products include wireless routers, wireless network cards, network cards, hubs, switches, broadband routers, Layer 2, 3 and 4 switches, and optical terminals. A large number of Netcore/Netis router products in the implementati...

AI score 7.6
Exploits 0, References 1
NVD
added 2014/10/29 2:55 p.m., 15 views

CVE-2014-8518

The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

CVSS 2.1, AI score 6.1, EPSS 0.00031
Exploits 0, References 1
Cvelist
added 2014/10/29 2:0 p.m., 30 views

CVE-2014-8518

The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x through 4.2.x, uses a hard-coded salt, which makes ...

AI score 6.1, EPSS 0.00031
Exploits 0, References 1
ThreatPost
added 2014/10/07 2:49 p.m., 27 views

Siemens Patches Five Vulnerabilities in SIMATIC WinCC for PCS 7

Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data. The flaws technically exist in WinCC, a SCADA (supervisory control and data acquisition) and HMI (human-machine interface) syst...

CVSS 6, AI score 0.5, EPSS 0.00366
Exploits 0, References 1
The Hacker News
added 2014/08/27 2:43 a.m., 17 views

HardCoded Backdoor Found in China-made Netis, Netcore Routers

Routers manufactured and sold by a Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor that could easily be exploited by attackers to monitor Internet traffic. The routers are sold under the brand name Netcore in China, and Netis in other parts of the...

AI score 6.9
Exploits 0
myhack58
added 2014/08/25 12:0 a.m., 14 views

TP-Link IP cameras multiple vulnerabilities detailed analysis-vulnerability warning-the black bar safety net

Vulnerability description: Multiple vulnerabilities were found in firmware version LM.1.6.18P12sign5 of the TP-Link TL-SC3171 IP camera. These vulnerabilities allow an attacker to do the following: 1: CVE-2013-2578, file /cgi-bin/admin/servetest...

AI score 3.8
Exploits 0
CERT
added 2014/08/07 12:0 a.m., 40 views

Cobham Aviator satellite terminals contain multiple vulnerabilities

Overview Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...

CVSS 7.2, AI score 6.8, EPSS 0.00268
Exploits 0, References 3
securityvulns
added 2014/08/04 12:0 a.m., 54 views

[Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service

Onapsis Security Advisory 2014-024: Hard-coded Username in SAP FI Manager Self-Service. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to...

AI score 6.9
Exploits 0
NVD
added 2014/07/31 2:55 p.m., 17 views

CVE-2014-5176

SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 6, AI score 6.6, EPSS 0.01603
Exploits 0, References 9