Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-36647 Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
network
low complexity
prolion CWE-798
7.5
2023-12-12 CVE-2023-36651 Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
network
low complexity
prolion CWE-798
7.2
2023-12-07 CVE-2023-33413 Use of Hard-coded Credentials vulnerability in Supermicro products
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands.
network
low complexity
supermicro CWE-798
8.8
2023-12-07 CVE-2023-40300 Use of Hard-coded Credentials vulnerability in Netscout Ngeniuspulse 3.8.00.2349.0
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.
network
low complexity
netscout CWE-798
critical
9.8
2023-12-05 CVE-2023-6448 Use of Hard-coded Credentials vulnerability in Unitronics products
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password.
network
low complexity
unitronics CWE-798
critical
9.8
2023-12-04 CVE-2023-40463 Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access.
network
low complexity
sierrawireless CWE-798
7.2
2023-12-04 CVE-2023-40464 Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key.
network
high complexity
sierrawireless CWE-798
6.8
2023-12-01 CVE-2023-28895 Use of Hard-coded Credentials vulnerability in Preh Mib3 Firmware
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware.
low complexity
preh CWE-798
6.8
2023-11-29 CVE-2023-23324 Use of Hard-coded Credentials vulnerability in Zumtobel Netlink CCD Firmware 3.80
Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
network
low complexity
zumtobel CWE-798
critical
9.8
2023-11-28 CVE-2023-29064 Use of Hard-coded Credentials vulnerability in BD Facschorus
The FACSChorus software contains sensitive information stored in plaintext.
low complexity
bd CWE-798
4.3