CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

Hardcoded credentials

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Modicon TM221CE16R 1.3.3.3 contain a hardcoded cryptographic key used to AES-CBC encrypt project files; the fixed key (SoMachineBasicSoMachineBasicSoMa) cannot be changed, allowing decrypted data to reveal the user password and enable opening/modifyi...

PT-2017-17809

Name of the Vulnerable Software and Affected Versions Schneider Electric SoMachine Basic version 1.4 SP1 Schneider Electric Modicon TM221CE16R version 1.3.3.3 Description The issue concerns a hardcoded-key vulnerability in the Project Protection feature, which is used to prevent unauthorized acce...

Schneider Hardcoded Password

OpenSource Security Ralf Spenneberg Am Bahnhof 3-5 48565 Steinfurt [email protected] OS-S Security Advisory 2017-02 Date: April 4th, 2017 Authors: Simon Heming, Maik BrA1/4ggemann, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 10 Affected Device: Schneider SoMachine Basic 1.4 SP1,...

CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Hardcoded credentials

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Hardcoded credentials

Huawei PC client software HiSuite 4.0.5.300OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise...

CVE-2016-8754

CVE-2016-8754 affects Huawei OceanStor 5600 V3 V300R003C00. The issue is a hardcoded SSH key vulnerability where public/private keys are stored in the system to encrypt inter-node communication and authenticate devices. An attacker who obtains these hardcoded keys could log in via SSH to the devi...

CVE-2016-8754

Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH...

Hardcoded credentials

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves nghttp2 before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2 servers to have an...

SICUNET Access Controller Multiple Vulnerabilities

SICUNET Access Controller is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

BEST Mumbai Bus Ticket & Pass - Customized SSL, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application BEST Mumbai Bus Ticket & Pass published at the 'play' market has multiple vulnerabilities...

Empire: Four Kingdoms - Dangerous filesystem permissions, Exported ContentProvider, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Empire: Four Kingdoms published at the 'play' market has multiple vulnerabilities...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure

SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The vulnerabilities were discovered during a black box security...

SICUNET Access Controller 0.32-05z Code Execution / File Disclosure Vulnerabilities

Exploit for php platform in category web applications SICUNET Physical Access Controller - Multiple Vulnerabilities ------------------------------------------------------------- Introduction ============ Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The...

Hardcoded credentials

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...