Vulnerabilities > Use of Hard-coded Credentials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-23 | CVE-2019-10850 | Use of Hard-coded Credentials vulnerability in Computrols Building Automation Software Computrols CBAS 18.0.0 has Default Credentials. | 9.8 |
| 2019-05-23 | CVE-2019-10851 | Use of Hard-coded Credentials vulnerability in Computrols Building Automation Software Computrols CBAS 18.0.0 has hard-coded encryption keys. | 6.5 |
| 2019-05-22 | CVE-2019-6812 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Bmx-Nor-0200H Firmware 1.7 A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR-0200H with firmware versions prior to V1.7 IR 19 which could cause a confidentiality issue when using FTP protocol. | 7.2 |
| 2019-05-20 | CVE-2019-8352 | Use of Hard-coded Credentials vulnerability in BMC Patrol Agent By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. | 9.8 |
| 2019-05-14 | CVE-2019-6572 | Use of Hard-coded Credentials vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). | 9.1 |
| 2019-05-14 | CVE-2018-11691 | Use of Hard-coded Credentials vulnerability in Emerson Ve6046 Firmware 09.0.12 Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. | 9.8 |
| 2019-05-13 | CVE-2018-4017 | Use of Hard-coded Credentials vulnerability in Anker-In Roav Dashcam A1 Firmware Roava1Swv1.9 An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. | 8.8 |
| 2019-05-09 | CVE-2019-6548 | Use of Hard-coded Credentials vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. | 9.8 |
| 2019-05-07 | CVE-2019-10712 | Use of Hard-coded Credentials vulnerability in Wago products The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access. | 9.8 |
| 2019-05-06 | CVE-2018-18979 | Use of Hard-coded Credentials vulnerability in Ascensia Contour Diabetes An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. | 7.4 |