Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3947 | 1 Imdpen | 1 Video Conferencing With Zoom | 2024-02-05 | N/A | 5.3 MEDIUM |
| The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password. | |||||
| CVE-2023-3632 | 1 Kunduz | 1 Kunduz | 2024-02-05 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3. | |||||
| CVE-2023-3371 | 1 Wpdeveloper | 1 Embedpress | 2024-02-04 | N/A | 7.5 HIGH |
| The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content. | |||||
| CVE-2023-22844 | 1 Milesight | 1 Milesightvpn | 2024-02-04 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-0355 | 1 Akuvox | 2 E11, E11 Firmware | 2024-02-04 | N/A | 7.5 HIGH |
| Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information. | |||||
| CVE-2022-2641 | 2024-02-04 | N/A | 9.8 CRITICAL | ||
| Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | |||||
| CVE-2022-0664 | 1 Gravitl | 1 Netmaker | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. | |||||
| CVE-2021-43552 | 1 Philips | 1 Patient Information Center Ix | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. | |||||
| CVE-2021-43587 | 1 Dell | 1 Powerpath Management Appliance | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges. | |||||
| CVE-2021-32520 | 1 Qsan | 1 Storage Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Use of hard-coded cryptographic key vulnerability in QSAN Storage Manager allows attackers to obtain users’ credentials and related permissions. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-27389 | 1 Siemens | 2 Opcenter Quality, Qms Automotive | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection. | |||||
| CVE-2020-25233 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device. | |||||
| CVE-2020-28391 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2020-25234 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-02-04 | 3.6 LOW | 7.7 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | |||||
| CVE-2020-28395 | 1 Siemens | 16 Scalance Xr324-12m, Scalance Xr324-12m Firmware, Scalance Xr324-12m Ts and 13 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic. | |||||
| CVE-2020-25231 | 1 Siemens | 3 Logo\! 8 Bm, Logo\! 8 Bm Firmware, Logo\! Soft Comfort | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files. | |||||
| CVE-2019-10920 | 1 Siemens | 2 Logo\!8 Bm, Logo\!8 Bm Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||