Total
1269 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-6617 | 1 Industrial.softing | 2 Fg-100 Pb Profibus, Fg-100 Pb Profibus Firmware | 2024-08-06 | N/A |
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | ||||
CVE-2014-5431 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-08-06 | N/A |
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes. | ||||
CVE-2014-5434 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-08-06 | N/A |
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes. | ||||
CVE-2014-3692 | 1 Redhat | 2 Cloudforms 3.1 Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges. | ||||
CVE-2014-3413 | 1 Juniper | 1 Junos Space | 2024-08-06 | N/A |
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access. | ||||
CVE-2014-3205 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2024-08-06 | N/A |
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user. | ||||
CVE-2014-0234 | 1 Redhat | 1 Openshift | 2024-08-06 | 9.8 Critical |
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. | ||||
CVE-2014-0175 | 3 Debian, Puppet, Redhat | 3 Debian Linux, Marionette Collective, Openshift | 2024-08-06 | 9.8 Critical |
mcollective has a default password set at install | ||||
CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2024-08-06 | 5.9 Medium |
Technicolor C2000T and C2100T uses hard-coded cryptographic keys. | ||||
CVE-2015-7246 | 2 D-link, Dlink | 2 Dvg-n5402sp Firmware, Dvg-n5402sp | 2024-08-06 | N/A |
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | ||||
CVE-2015-5329 | 1 Redhat | 2 Openstack, Openstack-director | 2024-08-06 | N/A |
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | ||||
CVE-2015-4667 | 1 Xceedium | 1 Xsuite | 2024-08-06 | N/A |
Multiple hardcoded credentials in Xsuite 2.x. | ||||
CVE-2015-3953 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-08-06 | N/A |
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | ||||
CVE-2015-2885 | 1 Lens Laboratories | 2 Peek-a-view, Peek-a-view Firmware | 2024-08-06 | N/A |
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | ||||
CVE-2015-2881 | 1 Gynoii | 3 Gcw-1010, Gcw-1020, Gpw-1025 | 2024-08-06 | N/A |
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | ||||
CVE-2015-2887 | 1 Ibaby | 2 M3s Baby Monitor, M3s Baby Monitor Firmware | 2024-08-06 | N/A |
iBaby M3S has a password of admin for the backdoor admin account. | ||||
CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2024-08-06 | N/A |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | ||||
CVE-2015-2867 | 1 Trane | 1 Comfortlink Ii Firmware | 2024-08-06 | N/A |
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | ||||
CVE-2015-1842 | 1 Redhat | 2 Openstack, Openstack-installer | 2024-08-06 | N/A |
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | ||||
CVE-2016-10928 | 1 Onelogin | 1 Onelogin Saml Sso | 2024-08-06 | N/A |
The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users. |