PT-2022-8946 · Unknown · Dairy Farm Shop Management System

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System version 1.0 Description: The issue concerns hardcoded credentials in the source code, allowing attackers to access the control panel if compromised. Recommendations: For Dairy Farm Shop Management System...

PT-2022-5106 · Moxa · Moxa Mxview

Name of the Vulnerable Software and Affected Versions: Moxa MXView version 3.2.4 Description: The issue is related to the use of hardcoded credentials in the web interface of Moxa MXView, allowing a remote attacker to gain full access to the device by sending a specially crafted HTTP request. Thi...

in gravitl/netmaker

Description Netmaker is an applicaton that enable easly deployment of a mesh vpn based on Wiregaurd. To authenticate and manage users throughout the application, it is used JWT tokens. The secret key used to sign these tokens is hard-coded in the code, which means they can be faked. So, an attack...

Hardcoded credentials

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

CVE-2021-42833

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings...

CVE-2021-42833

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings...

CVE-2021-42833

The CVE-2021-42833 vulnerability affects Xylem AquaView SCADA, specifically AquaView versions 1.60, 7.x, and 8.x. The root cause is hard-coded credentials, enabling an authenticated local attacker to manipulate users and system settings. Public disclosures from CISA/ICS indicate the vulnerability...

CVE-2021-42833 Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x

A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings...

Emerson DeltaV Credentials Management Errors (CVE-2014-2350)

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. This plugin only works with Tenable.ot. Please visit...

Emerson OSE Credentials Management Errors (CVE-2013-0694)

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Saia PCDx Credentials Management Errors (CVE-2015-7911)

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via...

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVE-2022-22987

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and...

Hardcoded credentials

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVE-2022-22987 Advantech ADAM-3600

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVE-2022-22987 Advantech ADAM-3600

The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions...

CVE-2022-22987

CVE-2022-22987 affects Advantech ADAM-3600 (e.g., up to version 2.6.2) where a hard-coded private key in the project folder enables Web Server login and further actions. Technical detail: use of a hard-coded cryptographic key (CWE-321). Impact as described: attacker could gain unauthorized access...

Hardcoded credentials

This affects the package putil-merge before 3.8.0. The merge function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in...

Backdoor.Win32.Wollf.m Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/f375f6569e146e432e23589b8f112165.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.m Vulnerability: Weak Hardcoded Password Description: The malware runs with...