
7572 matches found

Vulnrichment
added 2022/07/26 10:11 p.m., 24 views

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshd_service only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

6.8 AI score, 0.00835 EPSS
Exploits: 0, References: 2

CVE
added 2022/07/26 10:11 p.m., 91 views

CVE-2022-30271

The CVE-2022-30271 entry concerns Motorola Solutions ACE1000 RTU (through 2022-05-02) shipping with a hardcoded SSH private key. Red Hat and CISA advisories confirm the root cause: the initialization scripts (e.g., /etc/init.d/sshd_service) do not generate a new key if a private-key file exists, ...

9.8 CVSS, 9.3 AI score, 0.00835 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/07/26 10:11 p.m., 28 views

CVE-2022-30271

The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshd_service only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...

9.6 AI score, 0.00835 EPSS
Exploits: 0, References: 2

Cvelist
added 2022/07/26 10:6 p.m., 20 views

CVE-2022-30274

The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcode...

9.7 AI score, 0.00519 EPSS
Exploits: 0, References: 2

CVE
added 2022/07/26 10:6 p.m., 85 views

CVE-2022-30274

The CVE-2022-30274 vulnerability affects the Motorola ACE1000 RTU (up to 2022-05-02). Root cause: use of TEA in ECB mode with a hardcoded key to protect credentials for the XRT LAN-to-radio gateway and for authenticating to the XNL port, enabling potential manipulation of device configuration. Do...

9.8 CVSS, 9.4 AI score, 0.00519 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/07/26 9:42 p.m., 68 views

CVE-2022-29953

The CVE-2022-29953 entry concerns the Bently Nevada 3700 series condition monitoring equipment. A maintenance interface on port 4001/TCP uses undocumented, hardcoded credentials, allowing an attacker who can reach the interface to take over its functionality. Affected products include Bently Neva...

9.8 CVSS, 9.2 AI score, 0.00811 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/07/26 9:42 p.m., 32 views

CVE-2022-29953

The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...

9.6 AI score, 0.00811 EPSS
Exploits: 0, References: 2

CVE
added 2022/07/26 9:14 p.m., 84 views

CVE-2022-29960

CVE-2022-29960 affects Emerson OpenBSI (engineering environment for ControlWave/Bristol Babcock RTUs) through 2022-04-29. The root cause is the use of DES with hardcoded cryptographic keys to protect system credentials, engineering files, and sensitive utilities. Exploitation requires local acces...

5.5 CVSS, 5.5 AI score, 0.00425 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2022/07/26 9:14 p.m., 33 views

CVE-2022-29964

The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

5.6 AI score, 0.00226 EPSS
Exploits: 0, References: 2

CVE
added 2022/07/26 9:14 p.m., 193 views

CVE-2022-29964

Summary of the CVE-2022-29964 family (Emerson DeltaV DCS): The vulnerabilities involve misuse of passwords in DeltaV controllers and IO cards up to 2022-04-29. Specifically, WIOC SSH provides a root/DeltaV/backup shell via hardcoded credentials, enabling local access. The issue affects S-series, ...

5.5 CVSS, 5.2 AI score, 0.00226 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2022/07/26 9:14 p.m., 107 views

CVE-2022-29963

Emerson DeltaV DCS and IO cards (S-series, P-series, CIOC/EIOC) up to 2022-04-29 are affected by CVE-2022-29963 due to hardcoded passwords enabling TELNET access on port 18550, yielding a root shell on vulnerable nodes. Root cause: misuse of passwords with static credentials. Impact is local (L) ...

5.5 CVSS, 5.2 AI score, 0.00226 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/07/25 9:15 p.m., 13 views

Hardcoded credentials

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...

5 CVSS, 7.4 AI score, 0.1053 EPSS
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2022/07/25 2:15 p.m., 18 views

Hardcoded credentials

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3 CVSS, 4.8 AI score, 0.00611 EPSS
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2022/07/25 2:15 p.m., 26 views

Hardcoded credentials

Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3 CVSS, 4.8 AI score, 0.00611 EPSS
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2022/07/23 12:15 a.m., 20 views

Hardcoded credentials

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3 CVSS, 6 AI score, 0.00688 EPSS
Exploits: 1, References: 3, Affected Software: 1

Github Security Blog
added 2022/07/22 12:0 a.m., 25 views

Hardcoded JWT Token in Lin CMS Spring Boot

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...

7.5 CVSS, 6.7 AI score, 0.03634 EPSS
Exploits: 1, References: 4, Affected Software: 1

Packet Storm
added 2022/07/22 12:0 a.m., 294 views

Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Eclipse.h Vulnerability: Weak Hardcoded Credentials Family: Eclipse Type:...

7.4 AI score
Exploits: 0

NCSC
added 2022/07/21 12:0 a.m., 2 views

Vulnerability fixed in Confluence

A vulnerability has been fixed in Questions for Confluence, a plug-in for Confluence. An unauthenticated outside malicious person could exploit the vulnerability to see all pages of information that are visible to users within the Confluence Users user group. This is because of the us...

9.8 CVSS, 6.7 AI score, 0.9817 EPSS
Exploits: 1

OSV
added 2022/07/20 6:15 p.m., 3 views

CVE-2022-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

9.8 CVSS, 7.5 AI score, 0.9817 EPSS
Exploits: 1, References: 3

NVD
added 2022/07/20 6:15 p.m., 27 views

CVE-2022-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

9.8 CVSS, 0.9817 EPSS
Exploits: 1, References: 3