Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-29830 Use of Hard-coded Credentials vulnerability in Mitsubishielectric GX Works3
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information.
network
low complexity
mitsubishielectric CWE-798
critical
9.1
2022-11-25 CVE-2022-29831 Use of Hard-coded Credentials vulnerability in Mitsubishielectric GX Works3
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.
network
low complexity
mitsubishielectric CWE-798
7.5
2022-11-22 CVE-2022-40602 Use of Hard-coded Credentials vulnerability in Zyxel Lte3301-M209 Firmware 1.00(Ablg.2)C0/1.00(Ablg.4)C0
A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator.
network
low complexity
zyxel CWE-798
critical
9.8
2022-11-07 CVE-2022-37710 Use of Hard-coded Credentials vulnerability in Pattersondental Eaglesoft 21.0
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key.
local
low complexity
pattersondental CWE-798
7.8
2022-11-04 CVE-2022-40263 Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware 1.70
BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials.
local
low complexity
bd CWE-798
7.8
2022-11-04 CVE-2022-20868 Use of Hard-coded Credentials vulnerability in Cisco Asyncos
A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system.
network
low complexity
cisco CWE-798
8.8
2022-11-02 CVE-2022-26119 Use of Hard-coded Credentials vulnerability in Fortinet Fortisiem
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
local
low complexity
fortinet CWE-798
7.8
2022-10-24 CVE-2021-4228 Use of Hard-coded Credentials vulnerability in Lannerinc Iac-Ast2500 Firmware 1.00.0
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection.
network
high complexity
lannerinc CWE-798
7.4
2022-10-24 CVE-2022-38117 Use of Hard-coded Credentials vulnerability in Juiker 4.6.0311.1
Juiker app hard-coded its AES key in the source code.
low complexity
juiker CWE-798
6.1
2022-10-20 CVE-2022-42176 Use of Hard-coded Credentials vulnerability in Pctechsoft Pcsecure 5.0.8.Xw
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
local
low complexity
pctechsoft CWE-798
7.8