Lucene search
K

8070 matches found

CNNVD
CNNVD
added 2022/02/11 12:0 a.m.4 views

PHPGurukul Dairy Farm Shop Management System 信任管理问题漏洞

Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system . A hard-coded vulnerability exists in the Dairy Farm Shop Management System, which stems from hard-coded credentials in the code that can be exploited by an attacker to access the control panel...

9.8CVSS5.7AI score0.02313EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/09 11:15 p.m.6 views

CVE-2022-22813

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration...

9.8CVSS7.3AI score0.01054EPSS
Exploits0References2
Prion
Prion
added 2022/02/09 11:15 p.m.14 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration...

7.5CVSS9.3AI score0.01054EPSS
Exploits0References1
CVE
CVE
added 2022/02/09 10:5 p.m.76 views

CVE-2022-22813

CVE-2022-22813 describes a CWE-798 hard-coded credentials issue in Schneider Electric Easergy P40 devices, where if an attacker obtains the TLS cryptographic key and takes control of the Courier tunneling/communication network, they could observe and manipulate product configuration traffic. Affe...

9.8CVSS9.3AI score0.01054EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/09 12:0 a.m.5 views

PT-2022-6633 · Schneider Electric · Schneider Electric Easergy P40

Name of the Vulnerable Software and Affected Versions: Schneider Electric Easergy P40 affected versions not specified Description: A Use of Hard-coded Credentials issue exists, potentially allowing an attacker to observe and manipulate traffic associated with product configuration if they obtain...

9.8CVSS9.5AI score0.01054EPSS
Exploits0References5
ICS
ICS
added 2022/02/08 12:0 a.m.48 views

Siemens SICAM TOOLBOX II (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. UPDATE INFORMATION This advisory update is a follow-up to the original advisory titled ICSA-22-041-05 SICAM TOOLBOX II...

6.5CVSS6.6AI score0.00665EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.13 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14930)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. Also, the accounts ineaadmin and mitsadm...

10CVSS8.4AI score0.02343EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.53 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic Use of Hard-Coded Cryptographic Key (CVE-2017-7574)

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded- key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

10CVSS7.3AI score0.01243EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.27 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14926)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard- coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...

9.8CVSS8.3AI score0.02085EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.24 views

Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (CVE-2011-4859)

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

10CVSS7.4AI score0.0404EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.37 views

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Use of Hard-Coded Cryptographic Key (CVE-2020-6990)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file...

10CVSS7.4AI score0.04226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/04 11:15 p.m.5 views

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

7.5CVSS7.3AI score0.02371EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 11:15 p.m.16 views

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

7.5CVSS0.02371EPSS
Exploits0References1
OSV
OSV
added 2022/02/04 11:15 p.m.2 views

CVE-2022-22722

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

7.5CVSS5.8AI score0.02371EPSS
Exploits0References1
CVE
CVE
added 2022/02/04 10:29 p.m.100 views

CVE-2022-22722

The CVE-2022-22722 vulnerability affects Schneider Electric Easergy P5 (and related P3 issues) with a root cause of hard-coded credentials that could enable an attacker who gains SSH access to observe and manipulate device-config traffic, potentially leading to information disclosure and control ...

7.5CVSS7.4AI score0.02371EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.5 views

Advantech 信任管理问题漏洞

Advantech, an application of Advantech China, provides intelligent electric bus management systems. A trust management issue vulnerability exists in Advantech ADAM-3600, which stems from a hard-coded private key available in the project folder, and can be exploited by an attacker to achieve Web...

9.8CVSS5.6AI score0.01211EPSS
Exploits0References4
ICS
ICS
added 2022/02/01 12:0 a.m.48 views

Advantech ADAM-3600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic...

9.8CVSS9.9AI score0.01211EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/31 12:0 a.m.3 views

Online Course Registration 信任管理问题漏洞

Online Course Registration is a PHP and MySQL based online course registration system from the PHPGurukul Phpgurukul team. A trust management issue vulnerability exists in Online Course Registration, which stems from hard-coded certificates included in the product source code, and can be exploite...

9.8CVSS8.2AI score0.01451EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/31 12:0 a.m.4 views

PrinterLogic Web Stack 信任管理问题漏洞

PrinterLogic Web Stack PrinterLogic Printer Installer is a native web application from PrinterLogic, Inc. Enables It departments to manage and automate the creation/dissemination of Printer Objects and Printer Drivers across print environments from a single management console. A trust management...

9.3CVSS8.5AI score0.05702EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2022/01/31 12:0 a.m.5 views

CVE-2022-22560

Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline...

7.1CVSS6AI score0.00176EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder