Total
1383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12549 | 1 Wago | 6 852-1305, 852-1305 Firmware, 852-1505 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW03 devices contain hardcoded private keys for the SSH daemon. The fingerprint of the SSH host key from the corresponding SSH daemon matches the embedded private key. | |||||
| CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | 2.7 LOW | 4.5 MEDIUM |
| Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | |||||
| CVE-2019-12327 | 1 Akuvox | 2 Sp-r50p, Sp-r50p Firmware | 2024-11-21 | 10.0 HIGH | 7.2 HIGH |
| Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed. | |||||
| CVE-2019-11947 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11946 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-11898 | 1 Bosch | 1 Access | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8. | |||||
| CVE-2019-11030 | 1 Mirasys | 1 Mirasys Vms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available. | |||||
| CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
| CVE-2019-10990 | 1 Redlion | 1 Crimson | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to access configuration files. | |||||
| CVE-2019-10979 | 1 Sick | 2 Msc800, Msc800 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SICK MSC800 all versions prior to Version 4.0, the affected firmware versions contain a hard-coded customer account password. | |||||
| CVE-2019-10881 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | |||||
| CVE-2019-10851 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Computrols CBAS 18.0.0 has hard-coded encryption keys. | |||||
| CVE-2019-10850 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Computrols CBAS 18.0.0 has Default Credentials. | |||||
| CVE-2019-10712 | 1 Wago | 32 750-330, 750-330 Firmware, 750-352 and 29 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | |||||
| CVE-2019-10694 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9. | |||||
| CVE-2019-10688 | 1 Polycom | 2 Better Together Over Ethernet Connector, Unified Communications Software | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| VVX products with software versions including and prior to, UCS 5.9.2 with Better Together over Ethernet Connector (BToE) application 3.9.1, use hard-coded credentials to establish connections between the host application and the device. | |||||
| CVE-2019-10479 | 1 Glory-global | 2 Rbw-100, Rbw-100 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. | |||||
| CVE-2019-10011 | 1 Jenzabar | 1 Internet Campus Solution | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. | |||||
| CVE-2019-0022 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | |||||
| CVE-2019-0020 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | |||||