Total
1366 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34005 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | |||||
| CVE-2022-32985 | 1 Nexans | 26 Gigaswitch 641 Desk V5 Sfp-vi, Gigaswitch 641 Desk V5 Sfp-vi Firmware, Gigaswitch 642 Desk V5 Sfp-2vi and 23 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | |||||
| CVE-2022-32967 | 1 Realtek | 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more | 2024-11-21 | N/A | 2.1 LOW |
| RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. | |||||
| CVE-2022-32965 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | N/A | 9.8 CRITICAL |
| OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | |||||
| CVE-2022-32389 | 1 Isode | 1 Swift | 2024-11-21 | N/A | 7.5 HIGH |
| Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | |||||
| CVE-2022-31619 | 1 Siemens | 1 Teamcenter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | |||||
| CVE-2022-31462 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 5.4 MEDIUM | 9.3 CRITICAL |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | |||||
| CVE-2022-31460 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
| Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | |||||
| CVE-2022-31322 | 1 Pentasecurity | 1 Wapples | 2024-11-21 | N/A | 7.8 HIGH |
| Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | |||||
| CVE-2022-31269 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | N/A | 8.2 HIGH |
| Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | |||||
| CVE-2022-31210 | 1 Infiray | 2 Iray-a8z3, Iray-a8z3 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts. | |||||
| CVE-2022-30997 | 1 Yokogawa | 4 Stardom Fcj, Stardom Fcj Firmware, Stardom Fcn and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | |||||
| CVE-2022-30627 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. This vulnerability makes it possible to extract from the FW the existing user passwords on their operating systems and passwords. | |||||
| CVE-2022-30622 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sys_username_passwd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within the JS code sent to the customer within the Login.js file is a strong user (which is not documented) and also the password, which allow for super-user access. Username: chcadmin, Password: chcpassword. | |||||
| CVE-2022-30422 | 1 Proietti | 1 Planet Time Enterprise | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | |||||
| CVE-2022-30318 | 1 Honeywell | 4 Controledge Plc, Controledge Plc Firmware, Controledge Rtu and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. | |||||
| CVE-2022-30314 | 1 Honeywell | 2 Safety Manager, Safety Manager Firmware | 2024-11-21 | N/A | 4.6 MEDIUM |
| Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials. According to FSCT-2022-0052, there is a Honeywell Experion PKS Safety Manager hardcoded credentials issue. The affected components are characterized as: POLO bootloader. The potential impact is: Manipulate firmware. The Honeywell Experion PKS Safety Manager utilizes the DCOM-232/485 serial interface for firmware management purposes. When booting, the Safety Manager exposes the Enea POLO bootloader via this interface. Access to the boot configuration is controlled by means of credentials hardcoded in the Safety Manager firmware. The credentials for the bootloader are hardcoded in the firmware. An attacker with access to the serial interface (either through physical access, a compromised EWS or an exposed serial-to-ethernet gateway) can utilize these credentials to control the boot process and manipulate the unauthenticated firmware image (see FSCT-2022-0054). | |||||
| CVE-2022-30274 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafely. It can communicate with an XRT LAN-to-radio gateway by means of an embedded client. Credentials for accessing this gateway are stored after being encrypted with the Tiny Encryption Algorithm (TEA) in ECB mode using a hardcoded key. Similarly, the ACE1000 RTU can route MDLC traffic over Extended Command and Management Protocol (XCMP) and Network Layer (XNL) networks via the MDLC driver. Authentication to the XNL port is protected by TEA in ECB mode using a hardcoded key. | |||||
| CVE-2022-30271 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. | |||||
| CVE-2022-30234 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | |||||