CVE-2019-6548

GE Communicator is affected by CVE-2019-6548: all versions before 4.0.517 contain two backdoor accounts with hardcoded credentials that could allow control over the database. Impact is stated as high (C/H/I/H/A/H) with potential remote exploitation per public advisories. The remediation is to upg...

CVE-2019-6548

GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user...

PT-2019-18160 · Ge · Ge Communicator

Name of the Vulnerable Software and Affected Versions: GE Communicator versions prior to 4.0.517 Description: The issue concerns the presence of two backdoor accounts with hardcoded credentials in the software, potentially allowing control over the database. However, if the default Windows firewa...

GE Multilink Switches < 5.5.0 Hardcoded Credentials

Binary data 720079.prm...

Yokogawa STARDOM Controllers < R4.02 Hardcoded Credentials

Binary data 720135.prm...

Yokogawa STARDOM Controllers <= R4.10 Hardcoded Credentials

Binary data 720137.prm...

Emerson Multiple RTUs Hardcoded Credentials Storage

Binary data 720176.prm...

Schneider Electric PowerLogic PM8ECC < 2.651 Hardcoded Credentials

Binary data 720085.prm...

Schneider Electric Modicon Multiple Controllers Hardcoded Credentials

Binary data 720149.prm...

Schneider Electric ETG3000 FactoryCast HMI Gateway <= 1.60 IR 04 Hardcoded Credentials

Binary data 720157.prm...

Hardcoded credentials

A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

CVE-2017-18373

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a...

Hardcoded credentials

The Upgrade-Insecure-Requests UIR specification states that if UIR is enabled through Content Security Policy CSP, navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...

Hardcoded credentials

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists...

Hardcoded credentials

VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector BToE application 3.9.1, use hard-coded credentials to establish connections between the host application and the device...

Hardcoded credentials

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gain...

Hardcoded credentials

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file...

Hardcoded credentials

DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key...

Hardcoded credentials

An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface...

Hardcoded credentials

AxiomSL's Axiom Google Web Toolkit module 9.5.3 and earlier allows remote attackers to inject HTML into the scoping dashboard features...