Total
1388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8964 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcoded cookie." | |||||
| CVE-2020-8868 | 1 Quest | 1 Foglight Evolve | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | |||||
| CVE-2020-8573 | 1 Netapp | 2 Hci H610s, Hci H610s Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware Bundle 12.2.92 the BMC account password on the H610C, H615C and H610S platforms is reset to the default documented value which could allow remote attackers to cause a Denial of Service (DoS). | |||||
| CVE-2020-8001 | 1 Intelliantech | 1 Aptus | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. | |||||
| CVE-2020-8000 | 1 Intelliantech | 1 Aptus Web | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. | |||||
| CVE-2020-7999 | 1 Intelliantech | 1 Aptus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. | |||||
| CVE-2020-7846 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
| Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web page. | |||||
| CVE-2020-7515 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. | |||||
| CVE-2020-7501 | 1 Schneider-electric | 1 Vijeo Designer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | |||||
| CVE-2020-7498 | 1 Schneider-electric | 2 Os Loader, Unity Loader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. | |||||
| CVE-2020-7352 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | |||||
| CVE-2020-6990 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use it for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | |||||
| CVE-2020-6985 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | |||||
| CVE-2020-6983 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | |||||
| CVE-2020-6981 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker may gain access to the system without proper authentication. | |||||
| CVE-2020-6979 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | |||||
| CVE-2020-6963 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-6882 | 1 Zte | 6 Zxhn E8810, Zxhn E8810 Firmware, Zxhn E8820 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> | |||||
| CVE-2020-6857 | 1 Taskautomation | 1 Carbonftp | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. | |||||
| CVE-2020-6779 | 1 Bosch | 4 Fsm-2500, Fsm-2500 Firmware, Fsm-5000 and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system. | |||||