Vulnerabilities (CVE)

CWE filter

CWE-798

Filter

329 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15017 1 Zingbox 1 Inspector 2019-10-16 7.2
The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials.
CVE-2019-15015 1 Zingbox 1 Inspector 2019-10-16 7.2
In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system.
CVE-2019-7594 2019-10-10 6.4
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal (SMP).
CVE-2019-7593 2019-10-10 6.4
Metasys? ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal (SMP).
CVE-2019-7212 1 Smartertools 1 Smartermail 2019-10-10 6.4
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users? emails and file attachments. It was also possible to interact with mailing lists.
CVE-2018-11691 1 Emerson 1 Ve6046 Firmware 2019-10-10 10.0
Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches? management password upon commissioning. Emerson released patches for DeltaV workstations to address...
CVE-2019-7225 1 Abb 15 Cp620-web Firmware, Cp620 Firmware, Cp630-web Firmware and 12 more 2019-10-09 5.8
The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils)...
CVE-2019-6548 1 Ge 1 Ge Communicator 2019-10-09 6.8
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
CVE-2019-4220 1 Ibm 2 Infosphere Information Server On Cloud, Watson Knowledge Catalog 2019-10-09 2.1
IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded encryption key that could be used to decrypt sensitive information. IBM X-Force ID: 159229.
CVE-2019-3939 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 7.5
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to...
CVE-2019-3938 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 2.1
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc...
CVE-2019-3932 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 7.5
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices...
CVE-2019-3918 1 Nokia 1 I-240w-q Gpon Ont Firmware 2019-10-09 10.0
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
CVE-2019-3908 1 Identicard 1 Premisys Id 2019-10-09 5.0
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3906 1 Identicard 1 Premisys Id 2019-10-09 9.0
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-1919 1 Cisco 2 Findit Network Manager, Findit Network Probe 2019-10-09 7.2
A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges....
CVE-2019-1688 1 Cisco 1 Network Assurance Engine 2019-10-09 5.6
A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is...
CVE-2019-1675 1 Cisco 1 Aironet Active Sensor 2019-10-09 7.8
A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has...
CVE-2019-13658 1 Ca 1 Network Flow Analysis 2019-10-09 7.5
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-13530 1 Philips 4 Intellivue Mp Monitors Mp2%2fx2 Firmware, Intellivue Mp Monitors Mp20-mp90 Firmware, Intellivue Mp Monitors Mp5%2f5sc Firmware and 1 more 2019-10-09 6.5
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware...