CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

CVE-2020-6983

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered...

CVE-2020-6985

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console...

CVE-2020-6985

CVE-2020-6985 affects Moxa PT-7528 and PT-7828 Ethernet switches: firmware versions PT-7528 ≤ 4.0 and PT-7828 ≤ 3.9 expose a hard-coded service code for console access. The Red Hat and NVD entries, plus the ICS advisory, confirm a remote-exploitation risk with high-impact vectors (remote, no user...

CVE-2020-6983

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered...

CVE-2020-8868

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...

Hackers Actively Exploit 0-Day in CCTV Camera Hardware

Multiple zero-day vulnerabilities were actively being exploited in CCTV security cameras manufactured by Taiwan-based LILIN, researchers found. The company, an IP video solution provider, was being targeted by hackers hijacking the company’s DVR hardware. Once commandeered, hackers then planted...

CVE-2020-8868

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...

Multiple DDoS Botnets Exploited 0-Day Flaws in LILIN DVR Surveillance Systems

Multiple zero-day vulnerabilities in digital video recorders DVRs for surveillance systems manufactured by Taiwan-based LILIN have been exploited by botnet operators to infect and co-opt vulnerable devices into a family of denial-of-service bots. The findings come from Chinese security firm Qihoo...

Containous Traefik Trust Management Issues Vulnerability

Containous Traefik is a reverse proxy and load balancer from Containous USA. A trust management issue vulnerability exists in Containous Traefik version 2.x prior to 2.1.4 and TraefikEE version 2.0.0. The vulnerability stems from the lack of an effective trust management mechanism in a networked...

RICOH SP C250DN Trust Management Issues Vulnerability

The RICOH SP C250DN is a printer from the Japanese company Ricoh RICOH. A security vulnerability exists in the Ricoh SP C250DN version 1.05, which originates from the presence of hard-coded FTP service credentials in the printer firmware. The vulnerability can be exploited by an attacker to acces...

Citrix Systems SD-WAN Trust Management Issue Vulnerability

Citrix Systems SD-WAN is a suite of software-defined WAN solutions from Citrix Systems USA. A vulnerability with trust management issues exists in Citrix Systems SD-WAN versions 10.2.x prior to 10.2.6 and 11.0.x prior to 11.0.3. The vulnerability stems from the lack of an effective trust manageme...

CVE-2020-6990

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file...

Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for this...

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

Multiple Rockwell Automation Products Trust Management Issue Vulnerabilities

Rockwell Automation MicroLogix 1400 Controllers Series A and so on are the products of Rockwell Automation, Inc.Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller.MicroLogix 1100 Controllers is a programmable logic controller.RSLogix 500 Software is a set ...

CVE-2019-5106

A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text...

Rockwell Automation MicroLogix Controllers and RSLogix 500 Software

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of a Broken or Risky...

Unspecified Vulnerability in IBM Security Information Queue

IBM Security Information Queue is a data integration product from IBM USA. The product utilizes Kafka technology and a publish-subscribe model to integrate data between IBM security products. A security vulnerability exists in IBM Security Information Queue ISIQ that stems from the program's use ...