Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37291 | 1 Gss | 1 Vitals Enterprise Social Platform | 2024-11-21 | N/A | 8.6 HIGH |
| Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0. | |||||
| CVE-2023-32169 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19659. | |||||
| CVE-2023-22844 | 1 Milesight | 1 Milesightvpn | 2024-11-21 | N/A | 7.3 HIGH |
| An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-21705 | 1 Microsoft | 1 Sql Server | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-20038 | 1 Cisco | 1 Industrial Network Director | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. | |||||
| CVE-2022-2641 | 1 Hornerautomation | 2 Rcc972, Rcc972 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | |||||
| CVE-2022-20868 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account. | |||||
| CVE-2022-0664 | 1 Gravitl | 1 Netmaker | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | |||||
| CVE-2021-43587 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. | |||||
| CVE-2021-43552 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. | |||||
| CVE-2021-32520 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-27389 | 1 Siemens | 2 Opcenter Quality, Qms Automotive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | |||||
| CVE-2020-28395 | 1 Siemens | 16 Scalance Xr324-12m, Scalance Xr324-12m Firmware, Scalance Xr324-12m Ts and 13 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2020-28391 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2020-25234 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-11-21 | 3.6 LOW | 7.7 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | |||||
| CVE-2020-25233 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. | |||||
| CVE-2020-25231 | 1 Siemens | 3 Logo\! 8 Bm, Logo\! 8 Bm Firmware, Logo\! Soft Comfort | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. | |||||
| CVE-2019-19754 | 2024-11-21 | N/A | 5.7 MEDIUM | ||
| HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this. | |||||
| CVE-2019-19753 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4. | |||||
| CVE-2019-19750 | 1 Minerstat | 1 Msos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | |||||