8064 matches found
CVE-2016-8361
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication...
CVE-2016-8567
CVE-2016-8567 affects Siemens SICAM PAS prior to version 8.00. A factory account with hard-coded passwords could allow attackers to gain privileged access to the SICAM PAS database via port 2638/TCP. The vulnerability is rated high/critical (CVSS v3 base 9.8) with remote exploitation potential. S...
CVE-2016-5818
CVE-2016-5818 affects Schneider Electric PowerLogic PM8ECC module up to version 2.651. The vulnerability arises from undocumented hard-coded credentials that grant access to the device, enabling remote access to configuration data. Public advisories note a remote-exploit possibility; no widely kn...
BINOM3 Electric Power Quality Meter Hard-Coded Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. A hard-coded vulnerability exists in BINOM3 Electric Power Quality Meter, where users do not have permission to change their passwords...
CVE-2016-8954
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...
Hardcoded credentials
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database...
CVE-2016-8954
IBM dashDB Local (v1.0.0–v1.3.1) is affected by CVE-2016-8954 due to hard-coded credentials that could allow a remote attacker to access the Docker container or the database. The IBM security bulletin confirms a high-severity flaw (CVSS v3 base 9.8) with remote, unauthenticated access leading to ...
[SECURITY] [DLA 795-1] hesiod security update
Package : hesiod Version : 3.0.2-21+deb7u1 CVE IDs : CVE-2016-10151 CVE-2016-10152 Debian Bugs : 852094, 852093 It was discovered that there were two vulnerabilities in hesiod, Project Athena's DNS-based directory service: CVE-2016-10151: A weak SUID check allowing privilege elevation...
IBM dashDB Local Hardcoding Vulnerability
IBM dashDB Local is a next-generation data warehouse storage and analytics solution from IBM USA for use in private clouds, virtual private clouds, and other container-enabled infrastructures. The solution features flexible container delivery, hybrid environment to store data, Spark in-memory bas...
D-Link DGS-1100 Switch Local Hardcoded SSL Certificate Vulnerability
The D-Link DGS-1100 is an Ethernet switch from AUO D-Link. A security vulnerability exists in D-Link DGS-1100 devices using firmware version 1.01.018, which originates from a program using a hard-coded SSL private key. An attacker can exploit the vulnerability by hijacking an HTTPS session to...
FTC: D-Link Failed to Secure Routers, IP Cameras
The Federal Trade Commission acknowledged on Thursday that it takes the security of the so-called internet of things seriously when it leveraged a complaint against one of the more popular router manufacturers. The lawsuit, filed at the U.S. District Court for the Northern District of California,...
SAP Download Manager Information Disclosure Vulnerability
SAP Download Manager is a set of Java applications developed by the German company SAP for downloading software packages and support comments. A security vulnerability exists in SAP Download Manager version 2.1.142 and prior versions, which arises from the program's use of a hard-coded encryptio...
PT-2016-2997 · Siemens · Sicam Pas
Name of the Vulnerable Software and Affected Versions: Siemens SICAM PAS versions prior to 8.00 Description: The issue is related to a factory account with hard-coded passwords in SICAM PAS installations. This could allow attackers to gain privileged access to the database over Port 2638/TCP. The...
Advantech SUSIAccess Server Local Elevation of Privilege Vulnerability
SUSIAccess is an easy-to-use remote device management software solution. A local elevation of privilege vulnerability exists in Advantech SUSIAccess Server. The admin password is stored on the system and encrypted using a hard-coded static key in the program. An attacker can exploit the...
IBM BigFix Remote Control Local Information Disclosure Vulnerability
IBM BigFix Remote Control is a set of remote control systems from IBM in the United States. A security vulnerability exists in IBM BigFix Remote Control 9.1.2 and earlier versions. A local attacker could exploit the vulnerability to discover hard-coded credentials...
SIEMENS SICAM PAS Arbitrary File Access Vulnerability
SICAM PAS is an energy automation solution for the operation of substation equipment. It has open communication interfaces for power system control and control of industrial power supply equipment. An arbitrary file access vulnerability exists in SIEMENS SICAM PAS. Due to the use of hard-coded...
Siemens SICAM PAS Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site. Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect...
Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials
Crestron AM-100 Multiple Vulnerabilities. Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage: https://www.crestron.com/products/model/am-100 Version:...
AMX Multiple Products Credential Management Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-049-02 AMX Multiple Products Credential Management Vulnerabilities that was published February 18, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- ICS-CERT has become aware of...