Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29831 | 1 Mitsubishielectric | 1 Gx Works3 | 2023-06-29 | N/A | 7.5 HIGH |
| Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. | |||||
| CVE-2023-2611 | 1 Advantech | 1 R-seenet | 2023-06-28 | N/A | 9.8 CRITICAL |
| Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. | |||||
| CVE-2023-32274 | 1 Enphase | 1 Installer Toolkit | 2023-06-28 | N/A | 7.5 HIGH |
| Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information. | |||||
| CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2023-06-27 | N/A | 3.7 LOW |
| There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | |||||
| CVE-2022-23724 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2023-06-27 | 5.5 MEDIUM | 8.1 HIGH |
| Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. | |||||
| CVE-2023-2637 | 1 Rockwellautomation | 2 Factorytalk Policy Manager, Factorytalk System Services | 2023-06-26 | N/A | 8.2 HIGH |
| Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited. | |||||
| CVE-2023-2061 | 1 Mitsubishielectric | 8 Fx5-enet\/ip, Fx5-enet\/ip Firmware, Rj71eip91 and 5 more | 2023-06-16 | N/A | 7.5 HIGH |
| Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP. | |||||
| CVE-2022-47617 | 1 Hitrontech | 2 Coda-5310, Coda-5310 Firmware | 2023-06-09 | N/A | 7.2 HIGH |
| Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption. | |||||
| CVE-2022-4333 | 1 Sprecher-automation | 18 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 15 more | 2023-06-09 | N/A | 9.8 CRITICAL |
| Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines. | |||||
| CVE-2023-31184 | 1 Rozcom | 1 Rozcom Client | 2023-06-06 | N/A | 7.8 HIGH |
| ROZCOM client CWE-798: Use of Hard-coded Credentials | |||||
| CVE-2023-1944 | 1 Kubernetes | 1 Minikube | 2023-06-01 | N/A | 7.8 HIGH |
| This vulnerability enables ssh access to minikube container using a default password. | |||||
| CVE-2023-2504 | 1 Birddog | 8 4k Quad, 4k Quad Firmware, A300 and 5 more | 2023-05-31 | N/A | 9.8 CRITICAL |
| Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | |||||
| CVE-2022-29825 | 1 Mitsubishielectric | 1 Gx Works3 | 2023-05-31 | N/A | 7.5 HIGH |
| Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U and GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. | |||||
| CVE-2022-29829 | 1 Mitsubishielectric | 1 Gx Works3 | 2023-05-31 | N/A | 7.5 HIGH |
| Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C and Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. | |||||
| CVE-2023-33236 | 1 Moxa | 1 Mxsecurity | 2023-05-30 | N/A | 9.8 CRITICAL |
| MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | |||||
| CVE-2023-27512 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2023-05-30 | N/A | 7.2 HIGH |
| Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | |||||
| CVE-2022-22512 | 1 Varta | 16 Element Backup, Element Backup Firmware, Element S1 and 13 more | 2023-05-23 | N/A | 9.8 CRITICAL |
| Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | |||||
| CVE-2018-0150 | 1 Cisco | 3 4431 Integrated Services Router, 4451 Integrated Services Router, Ios Xe | 2023-05-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. | |||||
| CVE-2019-7225 | 1 Abb | 32 Cp620, Cp620-web, Cp620-web Firmware and 29 more | 2023-05-16 | 5.8 MEDIUM | 8.8 HIGH |
| The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. | |||||
| CVE-2020-16170 | 1 Robotemi | 1 Temi | 2023-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors. | |||||