Security
Headlines
HeadlinesLatestCVEs

Tag

#hard_coded_credentials

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 and M580 Safety PLCs Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Use of Hard-coded Credentials, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial of service, a loss of confidentiality, and threaten the integrity of controllers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric products are affected: Modicon M340 CPU (part numbers BMXP34*): Versions prior to sv3.60 (CVE-2023-6408) Modicon M580 CPU (part numbers BMEP* and BMEH* excluding M580 CPU Safety): Versions prior to SV4.20 (CVE-2023-6408) Modicon M580 CPU Safety: Versions prior to SV4.21 (CVE-2023-6408) EcoStruxure Control Expert: Versions prior to v16.0 EcoStruxure Process Expert:...

us-cert
#vulnerability#web#dos#git#pdf#hard_coded_credentials#auth
IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.

EmeraldWhale's Massive Git Breach Highlights Config Gaps

The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain

Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms

Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from…

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

ABB Cylon Aspect 3.07.01 Hard-Coded Credentials

ABB Cylon Aspect version 3.07.01 BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet.

ABB Cylon Aspect 3.07.01 (config.inc.php) Hard-coded Credentials in phpMyAdmin

The ABB BMS/BAS controller is operating with default and hard-coded credentials contained in install package while exposed to the Internet.

Kastle Systems Access Control System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kastle Systems Access Control System are affected: Access Control System: Firmware before May 1, 2024 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. CVE-2024-45861 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been ...