Total
674 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10624 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-08-04 | 7.5 High |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. | ||||
| CVE-2020-10628 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-08-04 | 7.5 High |
| ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. | ||||
| CVE-2020-10376 | 1 Technicolor | 2 Tc7337net, Tc7337net Firmware | 2024-08-04 | 9.8 Critical |
| Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. | ||||
| CVE-2020-9550 | 1 Rubetek | 2 Smarthome, Smarthome Firmware | 2024-08-04 | 9.8 Critical |
| Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication between controllers and beacons, allowing an attacker to sniff and spoof beacon requests remotely. | ||||
| CVE-2020-9526 | 1 Cs2-network | 1 P2p | 2024-08-04 | 5.9 Medium |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-9477 | 1 Humaxdigital | 2 Hga12r-02, Hga12r-02 Firmware | 2024-08-04 | 9.8 Critical |
| An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device. | ||||
| CVE-2020-9420 | 1 Arcadyan | 2 Vrv9506jac23, Vrv9506jac23 Firmware | 2024-08-04 | 6.5 Medium |
| The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router. | ||||
| CVE-2020-8506 | 1 Corusent | 1 Global Tv | 2024-08-04 | 5.3 Medium |
| The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. | ||||
| CVE-2020-8507 | 1 Rogersmedia | 1 Citytv Video | 2024-08-04 | 7.5 High |
| The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | ||||
| CVE-2020-7984 | 1 Solarwinds | 1 N-central | 2024-08-04 | 7.5 High |
| SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration. | ||||
| CVE-2020-7907 | 1 Jetbrains | 1 Scala | 2024-08-04 | 7.5 High |
| In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | ||||
| CVE-2020-7592 | 1 Siemens | 9 Simatic Hmi Basic Panels 1st Generation, Simatic Hmi Basic Panels 2nd Generation, Simatic Hmi Comfort Panels and 6 more | 2024-08-04 | 6.5 Medium |
| A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information. | ||||
| CVE-2020-7488 | 1 Schneider-electric | 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more | 2024-08-04 | 7.5 High |
| A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. | ||||
| CVE-2020-7483 | 2 Microsoft, Schneider-electric | 4 Windows 7, Windows Nt, Windows Xp and 1 more | 2024-08-04 | 7.5 High |
| **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. | ||||
| CVE-2020-7308 | 1 Mcafee | 1 Endpoint Security | 2024-08-04 | 4.8 Medium |
| Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. | ||||
| CVE-2020-6997 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-08-04 | 7.5 High |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext. | ||||
| CVE-2020-7003 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-08-04 | 7.5 High |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is transmitted over some web applications in clear text. | ||||
| CVE-2020-6195 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 9.8 Critical |
| SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system. | ||||
| CVE-2020-6198 | 1 Sap | 1 Solution Manager | 2024-08-04 | 9.8 Critical |
| SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. | ||||
| CVE-2020-5876 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-08-04 | 8.1 High |
| On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up. | ||||