EUVD-2017-16579

Malware in sbrugna...

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats...

OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

By Deeba Ahmed Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers. This is a post from HackRead.com Read the original post: OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects...

Schneider Electric Modicon M221 PLCs and SoMachine Basic Use of Hard-Coded Cryptographic Key (CVE-2017-7574)

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded- key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

Schneider-electric Modicon Use of Hard-coded Credentials

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

How I Discovered My First Vulnerability

By David Balaban I have read a couple of books recently about different vulnerabilities in order to be able to better protect my projects/websites. Today, I want to share a story about how I managed to use this knowledge in practice. Disclaimer This material is posted for educational purposes onl...

Hardcoded credentials

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Modicon TM221CE16R 1.3.3.3 contain a hardcoded cryptographic key used to AES-CBC encrypt project files; the fixed key (SoMachineBasicSoMachineBasicSoMa) cannot be changed, allowing decrypted data to reveal the user password and enable opening/modifyi...

CVE-2017-7574

Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...

PT-2017-17809

Name of the Vulnerable Software and Affected Versions Schneider Electric SoMachine Basic version 1.4 SP1 Schneider Electric Modicon TM221CE16R version 1.3.3.3 Description The issue concerns a hardcoded-key vulnerability in the Project Protection feature, which is used to prevent unauthorized acce...