Vulnerabilities > Use of Hard-coded Credentials

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2014-5431 Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected.
low complexity
baxter CWE-798
6.8
6.8
2019-03-26 CVE-2014-5434 Use of Hard-coded Credentials vulnerability in Baxter Sigma Spectrum Infusion System Firmware 6.05
Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 has a default account with hard-coded credentials used with the FTP protocol.
network
low complexity
baxter CWE-798
critical
 9.8
9.8
2019-03-25 CVE-2019-10011 Use of Hard-coded Credentials vulnerability in Jenzabar Internet Campus Solution
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234.
network
low complexity
jenzabar CWE-798
critical
 9.8
9.8
2019-03-25 CVE-2015-3953 Use of Hard-coded Credentials vulnerability in Pifzer products
Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior.
network
low complexity
pifzer CWE-798
critical
 9.8
9.8
2019-03-21 CVE-2019-7161 Use of Hard-coded Credentials vulnerability in Zohocorp Manageengine Adselfservice Plus
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x through build 5704.
network
low complexity
zohocorp CWE-798
7.5
7.5
2019-03-21 CVE-2019-3497 Use of Hard-coded Credentials vulnerability in Indionetworks Unibox Firmware
An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices.
network
low complexity
indionetworks CWE-798
8.8
8.8
2019-03-21 CVE-2019-3496 Use of Hard-coded Credentials vulnerability in Indionetworks Unibox Firmware
An issue was discovered on Wifi-soft UniBox controller 3.x devices.
network
low complexity
indionetworks CWE-798
8.8
8.8
2019-03-21 CVE-2018-20219 Use of Hard-coded Credentials vulnerability in Teracue products
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below.
network
high complexity
teracue CWE-798
8.1
8.1
2019-03-21 CVE-2018-18473 Use of Hard-coded Credentials vulnerability in Patlite products
A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI.
network
low complexity
patlite CWE-798
critical
 9.8
9.8
2019-03-21 CVE-2018-17492 Use of Hard-coded Credentials vulnerability in Hidglobal Easylobby Solo 11.0.4563
EasyLobby Solo contains default administrative credentials.
local
low complexity
hidglobal CWE-798
7.8
7.8