映射到 CWE-798 的搜索结果 (83)

CVE-2018-9112(发布:2018-05-09 23:29:00)NM
CVSS7.5

[原文]A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges by modifying cookies.

CVE-2016-9335(发布:2018-05-09 09:29:00)NM
CVSS10.0

[原文]A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.

CVE-2018-8857(发布:2018-05-04 13:29:00)NM
CVSS7.2

[原文]Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.

CVE-2018-6401(发布:2018-05-02 03:29:00)NM
CVSS7.5

[原文]Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.

CVE-2017-9656(发布:2018-04-24 11:29:00)NMS
CVSS6.5

[原文]The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

CVE-2018-7241(发布:2018-04-18 16:29:00)NMS
CVSS10.0

[原文]Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controlers in all versions of the communication modules.

12345678下一页尾页 第1页 / 共14页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站