8071 matches found
CVE-2021-45877
CVE-2021-45877 affects multiple GARO Wallbox GLB/GTB/GTC versions; root cause is a hard-coded credential in /etc/tomcat8/tomcat-user.xml that allows attackers to gain authorized access and take full control of Tomcat on port 8000 (Tomcat manager page). The connected sources corroborate the impact...
GARO Wallbox GLB/GTB/GTC 信任管理问题漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...
CVE-2020-25193
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...
CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...
CVE-2022-25246
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25246
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25246
CVE-2022-25246 affects the PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The vulnerability is due to the use of hard-coded credentials for the UltraVNC installation, which could enable a remote, authenticated attacker to take full remote control of the host OS. The related ...
CVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
CVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
Design/Logic Flaw
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
FreeTAKServer 信任管理问题漏洞
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...
CVE-2022-25217
Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...
CVE-2022-25217
Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...
CVE-2022-25217
Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...