Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-11 | CVE-2021-41848 | Use of Hard-coded Credentials vulnerability in multiple products An issue was discovered in Luna Simo PPR1.180610.011/202001031830. | 7.8 |
| 2022-03-11 | CVE-2022-21194 | Use of Hard-coded Credentials vulnerability in Yokogawa products The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. | 9.8 |
| 2022-03-11 | CVE-2022-23402 | Use of Hard-coded Credentials vulnerability in Yokogawa products The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | 9.8 |
| 2022-03-11 | CVE-2022-25510 | Use of Hard-coded Credentials vulnerability in Freetakserver-Ui Project Freetakserver-Ui 1.9.8 FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. | 8.8 |
| 2022-03-10 | CVE-2022-25213 | Use of Hard-coded Credentials vulnerability in Phicomm products Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. | 6.8 |
| 2022-03-10 | CVE-2022-25217 | Use of Hard-coded Credentials vulnerability in Phicomm K2 Firmware and K3C Firmware Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. | 7.8 |
| 2022-03-02 | CVE-2022-25045 | Use of Hard-coded Credentials vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0 Home Owners Collection Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | 9.8 |
| 2022-03-01 | CVE-2022-24255 | Use of Hard-coded Credentials vulnerability in Extensis Portfolio 4.0 Extensis Portfolio v4.0 was discovered to contain hardcoded credentials which allows attackers to gain administrator privileges. | 8.8 |
| 2022-02-24 | CVE-2022-25329 | Use of Hard-coded Credentials vulnerability in Trendmicro products Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. | 9.8 |
| 2022-02-21 | CVE-2021-27797 | Use of Hard-coded Credentials vulnerability in Broadcom Fabric Operating System Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v8.0.x and v7.x contain documented hard-coded credentials, which could allow attackers to gain access to the system. | 9.8 |