
8071 matches found

CVE
added 2022/03/21 10:38 a.m. | 64 views

CVE-2021-45877

CVE-2021-45877 affects multiple GARO Wallbox GLB/GTB/GTC versions; root cause is a hard-coded credential in /etc/tomcat8/tomcat-user.xml that allows attackers to gain authorized access and take full control of Tomcat on port 8000 (Tomcat manager page). The connected sources corroborate the impact...

CVSS 9.8 | AI score 9.4 | EPSS 0.01082
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2022/03/21 12:0 a.m. | 3 views

GARO Wallbox GLB/GTB/GTC Trust Management Issue Vulnerability

The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that originates from the presence of a hard-coded credential in /etc/tomcat8/tomcat-user.xml. An attacker can use this vulnerability to gain...

CVSS 9.8 | AI score 8.4 | EPSS 0.01082
Exploits 0 | References 2

OSV
added 2022/03/18 6:15 p.m. | 4 views

CVE-2020-25193

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

CVSS 5.3 | AI score 5.8 | EPSS 0.00825
Exploits 0 | References 2

Cvelist
added 2022/03/18 6:0 p.m. | 21 views

CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

CVSS 5.3 | AI score 5.3 | EPSS 0.00825
Exploits 0 | References 2

Vulnrichment
added 2022/03/18 6:0 p.m. | 6 views

CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection...

CVSS 5.3 | AI score 5.3 | EPSS 0.00825
Exploits 0 | References 2

Cvelist
added 2022/03/18 6:0 p.m. | 17 views

CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...

CVSS 5.3 | AI score 6.5 | EPSS 0.01122
Exploits 0 | References 4

OSV
added 2022/03/16 3:15 p.m. | 3 views

CVE-2022-25246

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 8.8 | AI score 5.8
Exploits 0 | References 2

NVD
added 2022/03/16 3:15 p.m. | 10 views

CVE-2022-25246

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | EPSS 0.01737
Exploits 0 | References 2

Cvelist
added 2022/03/16 2:3 p.m. | 16 views

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | AI score 9.3 | EPSS 0.01737
Exploits 0 | References 2

Vulnrichment
added 2022/03/16 2:3 p.m. | 6 views

CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials

Axeda agent All versions and Axeda Desktop Server for Windows All versions uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...

CVSS 9.8 | AI score 9.3 | EPSS 0.01737
Exploits 0 | References 2

CVE
added 2022/03/16 2:3 p.m. | 89 views

CVE-2022-25246

CVE-2022-25246 affects the PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The vulnerability is due to the use of hard-coded credentials for the UltraVNC installation, which could enable a remote, authenticated attacker to take full remote control of the host OS. The related ...

CVSS 9.8 | AI score 9.1 | EPSS 0.01737
Exploits 0 | References 2 | Affected Software 2

ATTACKERKB
added 2022/03/11 9:15 a.m. | 4 views

CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVSS 9.8 | AI score 7.2 | EPSS 0.00958
Exploits 0 | References 2

NVD
added 2022/03/11 9:15 a.m. | 19 views

CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVSS 9.8 | EPSS 0.00958
Exploits 0 | References 1

Prion
added 2022/03/11 9:15 a.m. | 18 views

Design/Logic Flaw

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

CVSS 7.5 | AI score 9.5 | EPSS 0.00958
Exploits 0 | References 1 | Affected Software 3

CNNVD
added 2022/03/11 12:0 a.m. | 3 views

FreeTAKServer Trust Management Issue Vulnerability

FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...

CVSS 8.8 | AI score 5.7 | EPSS 0.01035
Exploits 1 | References 2

OSV
added 2022/03/10 5:47 p.m. | 5 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

CVSS 7.8 | AI score 5.8 | EPSS 0.00324
Exploits 1 | References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. | 5 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

CVSS 7.8 | AI score 7.1 | EPSS 0.00324
Exploits 1 | References 2

NVD
added 2022/03/10 5:47 p.m. | 13 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

CVSS 7.8 | EPSS 0.00324
Exploits 1 | References 1

OSV
added 2022/03/10 5:47 p.m. | 2 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 6.8 | AI score 5.8 | EPSS 0.00363
Exploits 1 | References 1

ATTACKERKB
added 2022/03/10 5:47 p.m. | 5 views

CVE-2022-25213

Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell...

CVSS 7.2 | AI score 6.7 | EPSS 0.00363
Exploits 1 | References 2