20 matches found
EUVD-2026-32505
IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process during the installation process, which could allow an attacker to bypass authentication...
PT-2026-43983
Name of the Vulnerable Software and Affected Versions: IBM Operations Analytics - Log Analysis (affected versions not specified); IBM SmartCloud Analytics - Log Analysis (affected versions not specified). Description: These products use default passwords from the manufacturing process during the...
Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
Overview. Update June 25, 2025: Update statistics to reflect an additional 6 affected models from Konica Minolta, Inc. Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some o...
Are hardware supply chain attacks “cyber attacks?”
The recent attacks in the Middle East triggering explosions on pagers have raised new fears around physical hardware supply chain attacks. In cybersecurity, we typically consider supply chain attacks to target software, in which adversaries infect a legitimate tool with a malicious, fake update th...
Cisco IP Phones Duplicate Key (CVE-2022-20817)
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability
SENTRON PAC Meter products are power measurement devices for precise energy management and transparent information acquisition. An improper access control vulnerability exists in the Siemens SENTRON 7KM PAC3x20 Devices due to read protection not being properly set on the internal flash memory of...
CVE-2022-3431
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
K15511932: F5 statement about Super Micro hardware compromise
Security Advisory Description: F5 is aware of the reports of the alleged Super Micro (Supermicro) hardware compromise. F5 does not use Super Micro boards in any of our BIG-IP, BIG-IQ, Enterprise Manager, ARX, FirePass, or VIPRION hardware. F5 designs our own boards and controls the manufacturing tes...
Design/Logic Flaw
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2022-3432
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2022-3432
CVE-2022-3432 concerns a Lenovo Ideapad Y700-14ISK UEFI/driver issue where a manufacturing-time driver not deactivated could let an attacker with elevated privileges modify an NVRAM variable to disable or undermine Secure Boot. The vulnerability is described across multiple sources (NVD, Red Hat,...
Design/Logic Flaw
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
CVE-2022-20817 Cisco IP Phone Duplicate Key Vulnerability
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
CVE-2022-20817 Cisco IP Phone Duplicate Key Vulnerability
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
Cisco IP Phone Duplicate Key Vulnerability
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...
Cisco Unified IP Phones Security Feature Issue Vulnerability
Cisco Unified IP Phones is a series of IP phones from Cisco, U.S.A. A security feature issue vulnerability exists in Cisco Unified IP Phones, which stems from the failure to properly generate keys during the manufacturing process resulting in the installation of duplicate manufacturing keys on...
Design/Logic Flaw
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2021-3972
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
Gerbv RS-274X aperture macro outline primitive integer overflow vulnerability
Summary: An integer overflow vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev commit b5f1eacd and the forked version of Gerbv commit 71493260. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious fi...
Integrated circuits can be compromised using Undetectable hardware Trojans
A team of researchers from the U.S. and Europe has developed a Hardware Trojan that is undetectable by many techniques, raising the question of the need for proper hardware qualification. They released a paper on stealthy Dopant-Level Hardware Trojans, showing how integrated circuits used in...