7572 matches found
CVE-2022-30271
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
CVE-2022-30271
The CVE-2022-30271 entry concerns Motorola Solutions ACE1000 RTU (through 2022-05-02) shipping with a hardcoded SSH private key. Red Hat and CISA advisories confirm the root cause: the initialization scripts (e.g., /etc/init.d/sshd_service) do not generate a new key if a private-key file exists, ...
CVE-2022-30271
The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts such as /etc/init.d/sshdservice only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default...
CVE-2022-30274
The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm TEA in ECB mode using a hardcode...
CVE-2022-30274
The CVE-2022-30274 vulnerability affects the Motorola ACE1000 RTU (up to 2022-05-02). Root cause: use of TEA in ECB mode with a hardcoded key to protect credentials for the XRT LAN-to-radio gateway and for authenticating to the XNL port, enabling potential manipulation of device configuration. Do...
CVE-2022-29953
The CVE-2022-29953 entry concerns the Bently Nevada 3700 series condition monitoring equipment. A maintenance interface on port 4001/TCP uses undocumented, hardcoded credentials, allowing an attacker who can reach the interface to take over its functionality. Affected products include Bently Neva...
CVE-2022-29953
The Bently Nevada 3700 series of condition monitoring equipment through 2022-04-29 has a maintenance interface on port 4001/TCP with undocumented, hardcoded credentials. An attacker capable of connecting to this interface can thus trivially take over its functionality...
CVE-2022-29960
CVE-2022-29960 affects Emerson OpenBSI (engineering environment for ControlWave/Bristol Babcock RTUs) through 2022-04-29. The root cause is the use of DES with hardcoded cryptographic keys to protect system credentials, engineering files, and sensitive utilities. Exploitation requires local acces...
CVE-2022-29964
The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...
CVE-2022-29964
Summary of the CVE-2022-29964 family (Emerson DeltaV DCS): The vulnerabilities involve misuse of passwords in DeltaV controllers and IO cards up to 2022-04-29. Specifically, WIOC SSH provides a root/DeltaV/backup shell via hardcoded credentials, enabling local access. The issue affects S-series, ...
CVE-2022-29963
Emerson DeltaV DCS and IO cards (S-series, P-series, CIOC/EIOC) up to 2022-04-29 are affected by CVE-2022-29963 due to hardcoded passwords enabling TELNET access on port 18550, yielding a root shell on vulnerable nodes. Root cause: misuse of passwords with static credentials. Impact is local (L) ...
Hardcoded credentials
A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and even send crafted requests...
Hardcoded credentials
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded credentials
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Hardcoded JWT Token in Lin CMS Spring Boot
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...
Backdoor.Win32.Eclipse.h MVID-2022-0625 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Eclipse.h Vulnerability: Weak Hardcoded Credentials Family: Eclipse Type:...
Vulnerability fixed in Confluence
A vulnerability has been fixed in Questions for Confluence, a plug-in for Confluence. An unauthenticated outside malicious person could exploit the exploit the vulnerability to see all pages of information that are visible to users within the Confluence Users user group. This is because of the us...
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...
CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...