Schneider Electric InduSoft Web Studio < 7.1.3.4 Multiple Information Disclosures (SEVD-2015-054-01)
Binary data scadaindusoftwebstudioSEVD2015-054-01.nbin...
Pearson ProctorCache contains hard coded credentials
Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package install...
CVE-2015-4136: SSH Authorisation permitted for a user with hard-coded credentials in Windows Stock Image (Windows Server 2012 R2) AMI
In Bamboo 5.8.0 and 5.8.1 the Windows Stock Image Windows Server 2012 R2 AMI contains a 'bamboo' user which is configured with a publicly known password. While the 'bamboo' user is not allowed RDP access, it was permitted to log in through SSH on instances using the affected AMI. In the event that a...
Kankun Smart Socket Device and Mobile Application Local Security Bypass Vulnerability
The Kankun Smart Socket device is a wireless smart socket. The mobile application is a mobile application for the wireless smart socket. The Kankun Smart Socket device and mobile application use hard-coded AES 256-bit keys, which allow remote attackers to sniff the network, obtain sensitive information or...
Toshiba Commerce Solutions Retail Software Security Vulnerabilities
Toshiba last week patched a potentially serious vulnerability in its CHEC self-checkout software prevalent in retail locations, while it is still wrangling with another security issue in its point-of-sale offering. The vulnerabilities were reported in August 2014 by David Odell of FishNet Securit...
SysAid Help Desk Hardcoded Key Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk has a built-in hard-coded vulnerability that could be exploited by a remote attacker to gain unauthorized access to the key...
SysAid Help Desk Built-in Password Vulnerability
SysAid Help Desk is a suite of Web-based IT management software. SysAid Help Desk uses a hard-coded password, username: sa, password: Password1, through which remote attackers bypass access restrictions...
Many Drug Pumps Open to Variety of Security Flaws
In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities...
Toshiba CHEC contains a hard-coded cryptographic key
Overview Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key. Description CWE-321: Use of Hard-coded Cryptographic Key - CVE-2014-4875 Toshiba CHEC, versions 6.6, 6.7, and possibly earlier, contain a hard-coded cryptographic key in the...
EasyIO-30P-SF Hard-Coded Credential Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified a hard-coded credential vulnerability in the EasyIO-30P-SF controller. EasyIO has produced a...
Unspecified Vulnerability in LIXIL Corporation My SATIS Genius Toilet Application
LIXIL Corporation My SATIS Genius Toilet application for Android is an Android-based application for controlling the SATIS series of toilets from LIXIL Japan. A security vulnerability exists in the LIXIL Corporation My SATIS Genius Toilet application for Android platform, which arises from the...
SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability
OVERVIEW This updated advisory is a follow-up to the advisory titled ICSA-15-181-02 SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability that was published September 3, 2015, on the NCCIC/ICS-CERT web site. Aleksandr Timorin of PT Security has identified a hard-coded account...
Hospira MedNet Hardcoded Key Vulnerability
MedNet manages drug libraries, firmware updates, and configurations for Hospira IV pumps for use in the healthcare and public health sectors. MedNet uses hard-coded keys that allow attackers to intercept encrypted communications from syringe pumps...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Information Disclosure Vulnerability (CNVD-2015-02059)
Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric France. A security vulnerability exists in Schneider Electric InduSoft Web Studio prior to version 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to...
SerVision HVG Security Bypass Vulnerability
SerVision HVG Video Gateway is an intelligent video gateway product from SerVision Israel. A security vulnerability exists in SerVision HVG Video Gateway versions prior to 2.2.26a78, which stems from the program's use of a hard-coded administrator password. A remote attacker can exploit this...
SerVision HVG Video Gateway web interface contains multiple vulnerabilities
Overview SerVision HVG Video Gateway web interface contains multiple vulnerabilities affecting multiple firmware versions. Description CWE-288: Authentication Bypass Using an Alternate Path or Channel, and CWE-284: Improper Access Control - CVE-2015-0929 By visiting time.htm, a user is issued a...
Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation
Fortinet FortiClient Multiple Vulnerabilities Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...
Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway
The parade of easily exploitable, critical vulnerabilities in ICS software shows no signs of ending anytime soon, with the latest entrant being two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway that allow unauthenticated remote access to the device’s FTP server and configuration...
Barracuda Load Balancer ADC Key Recovery / Password Reset Vulnerabilities
Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. It is possible to recover the file system encryption keys via a cold-boot-style attack, and there is an offline superuser password reset via physical attack, hard-coded credential and hard-coded SSH key...