Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-39169 | Use of Hard-coded Credentials vulnerability in Enbw Senec Storage BOX Firmware The affected devices use publicly available default credentials with administrative privileges. | 9.8 |
| 2023-12-05 | CVE-2023-6448 | Use of Hard-coded Credentials vulnerability in Unitronics products Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. | 9.8 |
| 2023-12-04 | CVE-2023-40463 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | 7.2 |
| 2023-12-04 | CVE-2023-40464 | Use of Hard-coded Credentials vulnerability in Sierrawireless Aleos Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. | 6.8 |
| 2023-12-01 | CVE-2023-28895 | Use of Hard-coded Credentials vulnerability in Preh Mib3 Firmware The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. | 6.8 |
| 2023-11-29 | CVE-2023-23324 | Use of Hard-coded Credentials vulnerability in Zumtobel Netlink CCD Firmware 3.80 Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. | 9.8 |
| 2023-11-28 | CVE-2023-29064 | Use of Hard-coded Credentials vulnerability in BD Facschorus The FACSChorus software contains sensitive information stored in plaintext. | 4.3 |
| 2023-11-22 | CVE-2023-47315 | Use of Hard-coded Credentials vulnerability in H-Mdm Headwind MDM 5.22.1 Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. | 8.8 |
| 2023-11-16 | CVE-2023-48053 | Use of Hard-coded Credentials vulnerability in Archerydms Archery 1.9.0 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. | 7.5 |
| 2023-11-16 | CVE-2023-48055 | Use of Hard-coded Credentials vulnerability in Superagi 0.0.13 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. | 7.5 |