Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28395 | 1 Siemens | 16 Scalance Xr324-12m, Scalance Xr324-12m Firmware, Scalance Xr324-12m Ts and 13 more | 2022-12-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2020-28391 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2022-12-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2022-2641 | 1 Hornerautomation | 2 Rcc972, Rcc972 Firmware | 2022-12-06 | N/A | 9.8 CRITICAL |
| Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | |||||
| CVE-2021-38461 | 1 Auvesy | 1 Versiondog | 2022-10-27 | 6.4 MEDIUM | 8.2 HIGH |
| The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries. | |||||
| CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2022-10-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | |||||
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | |||||
| CVE-2022-34425 | 1 Dell | 1 Enterprise Sonic Distribution | 2022-10-13 | N/A | 7.5 HIGH |
| Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication. | |||||
| CVE-2021-0266 | 1 Juniper | 2 Csrx, Junos | 2022-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| The use of multiple hard-coded cryptographic keys in cSRX Series software in Juniper Networks Junos OS allows an attacker to take control of any instance of a cSRX deployment through device management services. This issue affects: Juniper Networks Junos OS on cSRX Series: All versions prior to 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2. | |||||
| CVE-2022-1400 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00. | |||||
| CVE-2022-21199 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2022-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | |||||
| CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | |||||
| CVE-2022-24860 | 1 Databasir Project | 1 Databasir | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Databasir is a team-oriented relational database model document management platform. Databasir 1.01 has Use of Hard-coded Cryptographic Key vulnerability. An attacker can use hard coding to generate login credentials of any user and log in to the service background located at different IP addresses. | |||||
| CVE-2020-25229 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device. | |||||
| CVE-2021-27392 | 1 Siemens | 1 Siveillance Video Open Network Bridge | 2022-04-25 | 4.0 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance Video Open Network Bridge (2019 R2), Siveillance Video Open Network Bridge (2019 R1), Siveillance Video Open Network Bridge (2018 R3), Siveillance Video Open Network Bridge (2018 R2). Affected Open Network Bridges store user credentials for the authentication between ONVIF clients and ONVIF server using a hard-coded key. The encrypted credentials can be retrieved via the MIP SDK. This could allow an authenticated remote attacker to retrieve and decrypt all credentials stored on the ONVIF server. | |||||
| CVE-2020-25180 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2022-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. | |||||
| CVE-2022-23650 | 1 Gravitl | 1 Netmaker | 2022-03-08 | 9.0 HIGH | 8.8 HIGH |
| Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. | |||||
| CVE-2022-0664 | 1 Gravitl | 1 Netmaker | 2022-02-26 | 10.0 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | |||||
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | |||||
| CVE-2021-23842 | 1 Bosch | 5 Access Management System, Access Professional Edition, Amc2 and 2 more | 2022-01-28 | 3.6 LOW | 7.1 HIGH |
| Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet. | |||||
| CVE-2021-43552 | 1 Philips | 1 Patient Information Center Ix | 2022-01-12 | 2.1 LOW | 5.5 MEDIUM |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. | |||||