Total
1282 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9358 | 1 Marel | 44 A320, A320 Firmware, A325 and 41 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords. | |||||
CVE-2016-9335 | 1 Redlion | 4 Sixnet-managed Industrial Switches, Sixnet-managed Industrial Switches Firmware, Stride-managed Ethernet Switches and 1 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174. | |||||
CVE-2016-9013 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. | |||||
CVE-2016-8954 | 1 Ibm | 1 Dashdb Local | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. | |||||
CVE-2016-8754 | 1 Huawei | 2 Oceanstor 5600 V3, Oceanstor 5600 V3 Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key vulnerability; the hardcoded keys are used to encrypt communication data and authenticate different nodes of the devices. An attacker may obtain the hardcoded keys and log in to such a device through SSH. | |||||
CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |||||
CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
CVE-2016-8567 | 1 Siemens | 1 Sicam Pas\/pqs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | |||||
CVE-2016-8491 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||||
CVE-2016-8361 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. | |||||
CVE-2016-7560 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||
CVE-2016-6829 | 2 Barclamp-trove Project, Crowbar-openstack Project | 2 Barclamp-trove, Crowbar-openstack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
CVE-2016-6535 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishing a TELNET session. | |||||
CVE-2016-6532 | 1 Dexis | 1 Imaging Suite | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
DEXIS Imaging Suite 10 has a hardcoded password for the sa account, which allows remote attackers to obtain administrative access by entering this password in a DEXIS_DATA SQL Server session. | |||||
CVE-2016-6530 | 1 Dentsply Sirona | 1 Cdr Dicom | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords. | |||||
CVE-2016-5818 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device. | |||||
CVE-2016-5816 | 1 Westermo | 8 Mrd-305-din, Mrd-305-din Firmware, Mrd-315-din and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | |||||
CVE-2016-5678 | 1 Nuuo | 2 Nvrmini 2, Nvrsolo | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||||
CVE-2016-5333 | 1 Vmware | 1 Photon Os | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||||
CVE-2016-5081 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session. |