Total
1269 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6693 | 1 Fortinet | 1 Fortios | 2024-08-04 | 6.5 Medium |
| Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). | ||||
| CVE-2019-6572 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2024-08-04 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-6548 | 1 Ge | 1 Ge Communicator | 2024-08-04 | 9.8 Critical |
| GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | ||||
| CVE-2019-6499 | 1 Teradata | 1 Viewpoint | 2024-08-04 | N/A |
| Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system. | ||||
| CVE-2019-5139 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-08-04 | 7.1 High |
| An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | ||||
| CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-08-04 | 7.5 High |
| The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | ||||
| CVE-2019-5158 | 1 Wago | 1 E\!cockpit | 2024-08-04 | 7.8 High |
| An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. | ||||
| CVE-2019-5106 | 1 Wago | 1 E\!cockpit | 2024-08-04 | 5.5 Medium |
| A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version 1.5.1.1. An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. | ||||
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-08-04 | 7.5 High |
| "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | ||||
| CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2024-08-04 | 9.8 Critical |
| HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | ||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 7.8 High |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | ||||
| CVE-2019-3939 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 9.8 Critical |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. | ||||
| CVE-2019-3983 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-08-04 | 6.8 Medium |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections. | ||||
| CVE-2019-3950 | 1 Arlo | 10 Vmb3010, Vmb3010 Firmware, Vmb3500 and 7 more | 2024-08-04 | N/A |
| Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded username and password combination that allows root access to the device when an onboard serial interface is connected to. | ||||
| CVE-2019-3932 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2024-08-04 | 9.8 Critical |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. | ||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2024-08-04 | 7.5 High |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | ||||
| CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2024-08-04 | 8.8 High |
| Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | ||||
| CVE-2019-3907 | 1 Identicard | 1 Premisys Id | 2024-08-04 | 7.5 High |
| Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password). | ||||
| CVE-2019-3710 | 1 Dell | 1 Emc Networking Os10 | 2024-08-04 | 8.1 High |
| Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges. | ||||
| CVE-2019-3496 | 1 Indionetworks | 2 Unibox, Unibox Firmware | 2024-08-04 | 8.8 High |
| An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. | ||||