Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-29829 | Use of Hard-coded Credentials vulnerability in Mitsubishielectric GX Works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C and Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. | 7.5 |
| 2022-11-25 | CVE-2022-29830 | Use of Hard-coded Credentials vulnerability in Mitsubishielectric GX Works3 Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. | 9.1 |
| 2022-11-25 | CVE-2022-29831 | Use of Hard-coded Credentials vulnerability in Mitsubishielectric GX Works3 Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. | 7.5 |
| 2022-11-22 | CVE-2022-40602 | Use of Hard-coded Credentials vulnerability in Zyxel Lte3301-M209 Firmware 1.00(Ablg.2)C0/1.00(Ablg.4)C0 A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | 9.8 |
| 2022-11-09 | CVE-2021-34577 | Use of Hard-coded Credentials vulnerability in Kadenvodomery Picoflux AIR Firmware In the Kaden PICOFLUX AiR water meter an adversary can read the values through wireless M-Bus mode 5 with a hardcoded shared key while being adjacent to the device. | 6.5 |
| 2022-11-07 | CVE-2022-37710 | Use of Hard-coded Credentials vulnerability in Pattersondental Eaglesoft 21.0 Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. | 7.8 |
| 2022-11-04 | CVE-2022-40263 | Use of Hard-coded Credentials vulnerability in BD Totalys Multiprocessor Firmware 1.70 BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. | 7.8 |
| 2022-11-04 | CVE-2022-20868 | Use of Hard-coded Credentials vulnerability in Cisco Asyncos A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. | 8.8 |
| 2022-11-02 | CVE-2022-26119 | Use of Hard-coded Credentials vulnerability in Fortinet Fortisiem A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | 7.8 |
| 2022-10-25 | CVE-2022-29477 | Use of Hard-coded Credentials vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z An authentication bypass vulnerability exists in the web interface /action/factory* functionality of Abode Systems, Inc. | 9.8 |