68 matches found
CVE-2023-41095
Silicon Labs OpenThread SDK (32-bit ARM, SecureVault High modules) is affected by CVE-2023-41095 due to missing encryption of security keys. The vulnerability could allow modification or extraction of network credentials stored in flash. Affected versions: 2.3.1 and earlier. Root cause: lack of e...
PT-2023-27782 · Silicon · Silicon Labs Ember Znet Sdk
Name of the Vulnerable Software and Affected Versions: Silicon Labs Ember ZNet SDK versions 7.3.1 and earlier Description: The issue allows potential modification or extraction of network credentials stored in flash due to missing encryption of security keys in the Silicon Labs Ember ZNet SDK on...
Silicon Labs OpenThread SDK Security Vulnerability
Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...
Silicon Labs OpenThread SDK Security Vulnerability
Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...
PT-2023-2710 · Microsoft · Windows Mshtml Platform +2
Name of the Vulnerable Software and Affected Versions: Windows MSHTML Platform affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass security restrictions. This security-feature bypass vulnerability enables attackers...
CVE-2022-26390
The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
CVE-2022-26390
The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
Information disclosure
The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
CVE-2022-26390
CVE-2022-26390 affects Baxter SIGMA Spectrum/Spectrum/WBM: Wireless Battery Module versions (e.g., v16, v16D38, v17, v17D19, v20D29–v20D32, v22D19–v22D28) where network credentials and PHI stored in unencrypted form on the WBM. Exploitation requires physical access to a device that hasn’t had dat...
CVE-2022-26390 Unencrypted internal storage of security credentials
The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
PT-2022-17823 · Baxter · Baxter Spectrum Wireless Battery Module
Name of the Vulnerable Software and Affected Versions: Baxter Spectrum Wireless Battery Module WBM affected versions not specified Description: The issue concerns the storage of network credentials and Protected Health Information PHI in unencrypted form, specifically applicable to Spectrum IQ...
CVE-2022-26390
The Baxter Spectrum Wireless Battery Module WBM stores network credentials and PHI only applicable to Spectrum IQ pumps using auto programming in unencrypted form. An attacker with physical access to a device that hasn't had all data and settings erased may be able to extract sensitive informatio...
CVE-2022-36307
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...
Meross Smart Wi-Fi 2 Way Wall Switch 安全漏洞
The Meross Smart Wi-Fi 2 Way Wall Switch is a smart device from China-based Meross Technology Meross. A security vulnerability exists in the Meross Smart Wi-Fi 2 Way Wall Switch MSS550X that could allow a remote attacker to obtain the Wi-Fi SSID and user-configured password from the Meross...
Siemens SINEMA Remote Connect Server 信息泄露漏洞
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An information disclosure vulnerability exists in versions prior to Siemens SINEMA Remote Connect...
Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...
CVE-2019-8352
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code ...
13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors
Security researchers claimed to have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. A...
Design/Logic Flaw
Lexmark Scan To Network SNF 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to 1 cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or 2...
Lexmark Scan To Network (SNF) 3.2.9 Information Disclosure Vulnerability
Lexmark Scan to Network SNF printer application versions 3.2.9 and below suffer from a credential disclosure vulnerability. Summary ======= 1. Information exposure of network credentials in embedded printer application CVE-2017-13771 Vendor ====== "Lexmark creates innovative imaging solutions and...