
8066 matches found

ICS
added 2020/06/18 12:0 a.m. | 146 views

Baxter ExactaMix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Baxter Equipment: Baxter ExactaMix EM 2400 & EM 1200 Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access...

CVSS 10 | AI score 9.3 | EPSS 0.93307
Exploits 46 | References 5
ICS
added 2020/06/18 12:0 a.m. | 109 views

Baxter Sigma Spectrum Infusion Pumps (Update B)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baxter Equipment: Sigma Spectrum Infusion Pumps Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on...

CVSS 9.8 | AI score 7.9 | EPSS 0.02081
Exploits 1 | References 5
CNVD
added 2020/06/17 12:0 a.m. | 9 views

Schneider Electric Unity Loader and OS Loader Software Trust Management Issues Vulnerability

Schneider Electric Unity Loader and OS Loader Software are both products of Schneider Electric, France. Unity Loader is a data exchange utility program. OS Loader Software is a system loading utility program. A trust management issue vulnerability exists in Schneider Electric Unity Loader and OS...

CVSS 9.8 | AI score 6.7 | EPSS 0.01358
Exploits 0 | References 1
BDU FSTEC
added 2020/06/17 12:0 a.m. | 3 views

The vulnerability of the management console for the service mesh based on Kiali in Istio, related to the use of a hard-coded encryption key, allows attackers to escalate their privileges.

The vulnerability of the management console for the Istio Kiali service mesh is related to the use of a hard-coded encryption key. Exploiting this vulnerability allows an attacker to escalate their privileges by creating self-signed access tokens...

CVSS 9.7 | AI score 7 | EPSS 0.03468
Exploits 2 | References 3 | Affected Software 2
OSV
added 2020/06/16 9:15 p.m. | 3 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1
OSV
added 2020/06/16 8:15 p.m. | 3 views

CVE-2020-7501

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

CVSS 8.8 | AI score 7.3
Exploits 0 | References 1
NVD
added 2020/06/16 8:15 p.m. | 22 views

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

CVSS 9.8 | EPSS 0.01358
Exploits 0 | References 1
NVD
added 2020/06/16 8:15 p.m. | 19 views

CVE-2020-7501

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

CVSS 8.8 | EPSS 0.01118
Exploits 0 | References 1
Prion
added 2020/06/16 8:15 p.m. | 16 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

CVSS 7.5 | AI score 9.2 | EPSS 0.01358
Exploits 0 | References 1
Prion
added 2020/06/16 8:15 p.m. | 12 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

CVSS 6.5 | AI score 8.5 | EPSS 0.01118
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2020/06/16 8:12 p.m. | 15 views

CVE-2020-9289

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key...

AI score 7.2 | EPSS 0.02239
Exploits 1 | References 1
CVE
added 2020/06/16 7:40 p.m. | 56 views

CVE-2020-7501

CVE-2020-7501 affects Schneider Electric’s Vijeo Designer Basic (V1.1 HotFix 16 and earlier) and Vijeo Designer (V6.2 SP9 and earlier). The vulnerability is a CWE-798 hard-coded credentials issue that could enable unauthorized read and write during project or firmware download/upload operations i...

CVSS 8.8 | AI score 8.5 | EPSS 0.01118
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/06/16 7:40 p.m. | 17 views

CVE-2020-7501

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic V1.1 HotFix 16 and prior and Vijeo Designer V6.2 SP9 and prior which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer...

AI score 8.7 | EPSS 0.01118
Exploits 0 | References 1
Cvelist
added 2020/06/16 7:15 p.m. | 16 views

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

AI score 9.4 | EPSS 0.01358
Exploits 0 | References 1
CVE
added 2020/06/16 7:15 p.m. | 64 views

CVE-2020-7498

The CVE-2020-7498 entry concerns Schneider Electric Unity Loader and OS Loader Software (all versions) with a CWE-798 issue: the use of hard-coded credentials to simplify file transfers. This root cause means an attacker could potentially gain unauthorized access to the file transfer service used...

CVSS 9.8 | AI score 9.2 | EPSS 0.01358
Exploits 0 | References 1 | Affected Software 2
IBM Security Bulletins
added 2020/06/15 3:16 p.m. | 23 views

Security Bulletin: IBM Spectrum Protect Plus is vulnerable to authentication bypass (CVE-2020-4216)

Summary IBM Spectrum Protect Plus is vulnerable to authentication bypass due to use of hard-coded credentials. Vulnerability Details CVEID: CVE-2020-4216 DESCRIPTION: IBM Spectrum Protect Plus contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own...

CVSS 9.8 | AI score 1.7 | EPSS 0.01567
Exploits 0 | Affected Software 1
OSV
added 2020/06/15 2:15 p.m. | 2 views

CVE-2020-4216

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066...

CVSS 9.8 | AI score 5.8 | EPSS 0.01567
Exploits 0 | References 3
NVD
added 2020/06/15 2:15 p.m. | 13 views

CVE-2020-4216

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066...

CVSS 9.8 | EPSS 0.01567
Exploits 0 | References 3
Prion
added 2020/06/15 2:15 p.m. | 20 views

Hardcoded credentials

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066...

CVSS 7.5 | AI score 9.1 | EPSS 0.01567
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2020/06/15 1:25 p.m. | 20 views

CVE-2020-4216

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066...

CVSS 7.5 | AI score 9.1 | EPSS 0.01567
Exploits 0 | References 3