Total
1224 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22560 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerScale cluster. The attacker can exploit this vulnerability to take the switch offline. | |||||
CVE-2020-6857 | 1 Taskautomation | 1 Carbonftp | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. | |||||
CVE-2022-25569 | 1 Bettinivideo | 1 Sgsetup | 2022-04-15 | 5.0 MEDIUM | 9.8 CRITICAL |
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software. | |||||
CVE-2022-26671 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2022-04-14 | 7.5 HIGH | 7.3 HIGH |
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service. | |||||
CVE-2022-23440 | 1 Fortinet | 1 Fortiedr | 2022-04-14 | 4.6 MEDIUM | 7.8 HIGH |
A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | |||||
CVE-2022-23441 | 1 Fortinet | 1 Fortiedr | 2022-04-13 | 6.4 MEDIUM | 9.1 CRITICAL |
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors. | |||||
CVE-2012-4712 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2022-04-12 | 5.0 MEDIUM | N/A |
Moxa EDR-G903 series routers with firmware before 2.11 have a hardcoded account, which allows remote attackers to obtain unspecified device access via unknown vectors. | |||||
CVE-2021-30064 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx/tx, Eagle 20 Tofino 943 987-501-tx/tx Firmware, Eagle 20 Tofino 943 987-502 -tx/mm and 23 more | 2022-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | |||||
CVE-2022-24693 | 1 Baicells | 4 Neutrino 430, Neutrino 430 Firmware, Nova436q and 1 more | 2022-04-07 | 7.8 HIGH | 9.8 CRITICAL |
Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.) | |||||
CVE-2019-3710 | 1 Dell | 1 Emc Networking Os10 | 2022-04-05 | 6.8 MEDIUM | 8.1 HIGH |
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. | |||||
CVE-2021-46008 | 1 Totolink | 2 A3100r, A3100r Firmware | 2022-04-05 | 7.9 HIGH | 8.8 HIGH |
In TOTOLINK A3100R V5.9c.4577, the hard-coded telnet password can be discovered from the officially released firmware. An attacker who has connected to the Wi-Fi can easily telnet into the target with a root shell if the telnet function is turned on. | |||||
CVE-2020-25180 | 3 Rockwellautomation, Schneider-electric, Xylem | 31 Aadvance Controller, Isagraf Free Runtime, Isagraf Runtime and 28 more | 2022-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. | |||||
CVE-2021-27430 | 1 Ge | 1 Ur Bootloader Binary | 2022-03-31 | 4.6 MEDIUM | 6.8 MEDIUM |
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | |||||
CVE-2022-25577 | 1 Alf-banco | 1 Alf-banco | 2022-03-31 | 6.4 MEDIUM | 9.1 CRITICAL |
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. | |||||
CVE-2019-8352 | 1 Bmc | 1 Patrol Agent | 2022-03-30 | 7.5 HIGH | 9.8 CRITICAL |
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. | |||||
CVE-2021-45877 | 1 Garo | 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more | 2022-03-28 | 7.5 HIGH | 9.8 CRITICAL |
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control Tomcat completely on port 8000 through the Tomcat manager page. | |||||
CVE-2022-25246 | 1 Ptc | 2 Axeda Agent, Axeda Desktop Server | 2022-03-28 | 9.0 HIGH | 8.8 HIGH |
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. | |||||
CVE-2022-26660 | 1 Robotronic | 1 Runasspc | 2022-03-28 | 5.0 MEDIUM | 7.5 HIGH |
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. | |||||
CVE-2022-25510 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2022-03-22 | 6.5 MEDIUM | 8.8 HIGH |
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. | |||||
CVE-2022-21194 | 1 Yokogawa | 5 Centum Vp, Centum Vp Entry, Centum Vp Entry Firmware and 2 more | 2022-03-18 | 6.8 MEDIUM | 9.8 CRITICAL |
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. |