Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-33022

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-01 Apr, 2022 | 22:17
Updated At-16 Apr, 2025 | 16:32
Rejected At-
Credits

Philips Vue PACS Cleartext Transmission of Sensitive Information

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:01 Apr, 2022 | 22:17
Updated At:16 Apr, 2025 | 16:32
Rejected At:
▼CVE Numbering Authority (CNA)
Philips Vue PACS Cleartext Transmission of Sensitive Information

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Products
Vendor
PhilipsPhilips
Product
Vue PACS
Versions
Affected
  • From unspecified through 12.2.x.x (custom)
Vendor
PhilipsPhilips
Product
Vue MyVue
Versions
Affected
  • From unspecified through 12.2.x.x (custom)
Vendor
PhilipsPhilips
Product
Vue Speech
Versions
Affected
  • From unspecified through 12.2.x.x (custom)
Vendor
PhilipsPhilips
Product
Vue Motion
Versions
Affected
  • From unspecified through 12.2.1.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319: Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319: Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips released Version 12.2.8.0 in May of 2021 for Speech to remediate this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

Configurations
Workarounds
Exploits
Credits
Philips reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
x_refsource_CONFIRM
http://www.philips.com/productsecurity
x_refsource_CONFIRM
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.philips.com/productsecurity
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
x_refsource_CONFIRM
x_transferred
http://www.philips.com/productsecurity
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.philips.com/productsecurity
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:01 Apr, 2022 | 23:15
Updated At:08 Apr, 2022 | 19:44

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Philips
philips
>>myvue>>Versions before 12.2.1.5(exclusive)
cpe:2.3:a:philips:myvue:*:*:*:*:*:*:*:*
Philips
philips
>>speech>>Versions before 12.2.8.0(exclusive)
cpe:2.3:a:philips:speech:*:*:*:*:*:*:*:*
Philips
philips
>>vue_motion>>Versions before 12.2.1.5(exclusive)
cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:*
Philips
philips
>>vue_pacs>>Versions before 12.2.8.0(exclusive)
cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarynvd@nist.gov
CWE-319Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-319
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-319
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.philips.com/productsecurityics-cert@hq.dhs.gov
Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01ics-cert@hq.dhs.gov
Mitigation
Third Party Advisory
US Government Resource
Hyperlink: http://www.philips.com/productsecurity
Source: ics-cert@hq.dhs.gov
Resource:
Vendor Advisory
Hyperlink: https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
Source: ics-cert@hq.dhs.gov
Resource:
Mitigation
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

288Records found
CVE-2021-32966
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 13:29
Updated-16 Apr, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.

Action-Not Available
Vendor-Philips
Product-interoperability_solution_xdsInteroperability Solution XDS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-33024
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Insufficiently Protected Credentials

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-33018
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.21%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-33020
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.2||HIGH
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Use of a Key Past its Expiration Date

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-324
Use of a Key Past its Expiration Date
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2015-2884
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.19%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.

Action-Not Available
Vendor-n/aPhilips
Product-in.sight_b120\\37Philips In.Sight B120/37
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-26262
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.2||MEDIUM
EPSS-0.11% / 29.30%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 18:35
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips MRI 1.5T and 3T Improper Access Control

Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Action-Not Available
Vendor-Philips
Product-mri_1.5t_firmwaremri_3t_firmwaremri_1.5tmri_3tMRI 1.5TMRI 3T
CWE ID-CWE-284
Improper Access Control
CVE-2018-14803
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.75%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 19:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack.

Action-Not Available
Vendor-Philips
Product-e-alerte-alert_firmwaree-Alert Unit (non-medical device)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-14518
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.83%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 12:10
Updated-04 Jun, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips DreamMapper Insertion of Sensitive Information into Log File

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.

Action-Not Available
Vendor-Philips
Product-dreammapperDreamMapper
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-13557
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 17:26
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.

Action-Not Available
Vendor-n/aPhilips
Product-tasy_emrtasy_webportalTasy EMR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-5466
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-17 Sep, 2024 | 00:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

Action-Not Available
Vendor-Philips
Product-intellispace_portalPhilips IntelliSpace Portal
CWE ID-CWE-310
Not Available
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-5462
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

Action-Not Available
Vendor-Philips
Product-intellispace_portalPhilips IntelliSpace Portal
CWE ID-CWE-310
Not Available
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-8848
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.80%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 19:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

Action-Not Available
Vendor-Philips
Product-e-alert_firmwaree-Alert Unit (non-medical device)
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-8863
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 22:46
Updated-03 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips EncoreAnywhere Exposure of Sensitive Information to an Unauthorized Actor

The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.

Action-Not Available
Vendor-Philips
Product-encoreanywhereEncoreAnywhere
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8856
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.20%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 19:00
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.

Action-Not Available
Vendor-Philips
Product-e-alert_firmwaree-Alert Unit (non-medical device)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-7498
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 25.06%
||
7 Day CHG~0.00%
Published-28 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

Action-Not Available
Vendor-Philips
Product-alice_6alice_6_firmwarePhilips Alice 6 System
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2018-7580
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.66% / 81.72%
||
7 Day CHG~0.00%
Published-21 Dec, 2020 | 20:33
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.

Action-Not Available
Vendor-n/aPhilips
Product-hue_firmwarehuen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-5464
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

Action-Not Available
Vendor-Philips
Product-intellispace_portalPhilips IntelliSpace Portal
CWE ID-CWE-310
Not Available
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-5458
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.05%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 14:00
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.

Action-Not Available
Vendor-Philips
Product-intellispace_portalPhilips IntelliSpace Portal
CWE ID-CWE-310
Not Available
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2018-8842
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.39%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 19:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet.

Action-Not Available
Vendor-Philips
Product-e-alert_firmwaree-Alert Unit (non-medical device)
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-4227
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.48%
||
7 Day CHG~0.00%
Published-08 Jun, 2018 | 18:00
Updated-05 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-32982
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:45
Updated-16 Apr, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.

Action-Not Available
Vendor-AutomationDirect
Product-c0-12dd1e-d_firmwarec0-10dd1e-dc0-12dd1e-1-dc0-11dd1e-dc0-11dre-d_firmwarec0-12are-1-dc0-11dd2e-d_firmwarec0-10dd1e-d_firmwarec0-11dd2e-dc0-12dre-2-dc0-12are-d_firmwarec0-12dd2e-d_firmwarec0-12dre-dc0-12are-2-dc0-10dre-d_firmwarec0-12dd1e-dc0-11dre-dc0-10dre-dc0-11are-dc0-12dd2e-dc0-12dd1e-2-d_firmwarec0-12dd1e-1-d_firmwarec0-12dre-d_firmwarec0-12are-2-d_firmwarec0-12dd2e-2-d_firmwarec0-12dd2e-1-d_firmwarec0-11dd1e-d_firmwarec0-12dd1e-2-dc0-12dd2e-1-dc0-10dd2e-dc0-12dre-2-d_firmwarec0-11are-d_firmwarec0-10are-d_firmwarec0-10dd2e-d_firmwarec0-12dd2e-2-dc0-12are-1-d_firmwarec0-12dre-1-d_firmwarec0-12dre-1-dc0-10are-dc0-12are-dCLICK PLC CPU Modules: C0-1x CPUs
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-32934
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 17:20
Updated-16 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

Action-Not Available
Vendor-throughtekThroughTek
Product-kalay_p2p_software_development_kitP2P SDK
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-31898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:18
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-4390
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.91%
||
7 Day CHG~0.00%
Published-09 Dec, 2008 | 00:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_wvc54gclinksys_wvc54gc_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-1060
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 05:53
Updated-13 Feb, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.

Action-Not Available
Vendor-Schneider Electric SE
Product-ASCO 5350 Eight Channel Remote AnnunciatorASCO 5310 Single-Channel Remote Annunciator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-3289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.27%
||
7 Day CHG~0.00%
Published-24 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

Action-Not Available
Vendor-storcentricn/a
Product-retrospect_backup_clientn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-19111
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.75%
||
7 Day CHG~0.00%
Published-08 Nov, 2018 | 08:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.

Action-Not Available
Vendor-n/aGoogle LLC
Product-cardboardn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-31671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.67%
||
7 Day CHG+0.01%
Published-27 Apr, 2021 | 02:43
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

Action-Not Available
Vendor-pgsync_projectn/a
Product-pgsyncn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-7731
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 03:57
Updated-02 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-MELSEC iQ-F Series FX5U-32MT/ESSMELSEC iQ-F Series FX5U-32MT/DSMELSEC iQ-F Series FX5U-32MT/DSSMELSEC iQ-F Series FX5S-80MT/DSSMELSEC iQ-F Series FX5U-64MR/DSMELSEC iQ-F Series FX5UJ-60MR/ESMELSEC iQ-F Series FX5UJ-60MR/DSMELSEC iQ-F Series FX5UJ-40MT/ES-AMELSEC iQ-F Series FX5S-40MT/ESMELSEC iQ-F Series FX5S-60MT/ESSMELSEC iQ-F Series FX5S-80MT/DSMELSEC iQ-F Series FX5S-30MT/DSMELSEC iQ-F Series FX5U-32MR/DSMELSEC iQ-F Series FX5UJ-24MR/DSMELSEC iQ-F Series FX5S-30MT/ESMELSEC iQ-F Series FX5UJ-24MT/DSMELSEC iQ-F Series FX5UJ-40MT/DSMELSEC iQ-F Series FX5UJ-60MT/DSSMELSEC iQ-F Series FX5UJ-24MT/DSSMELSEC iQ-F Series FX5U-80MT/DSMELSEC iQ-F Series FX5UJ-60MT/DSMELSEC iQ-F Series FX5U-64MT/ESMELSEC iQ-F Series FX5UJ-24MT/ESMELSEC iQ-F Series FX5S-60MT/ESMELSEC iQ-F Series FX5S-80MT/ESSMELSEC iQ-F Series FX5U-64MT/ESSMELSEC iQ-F Series FX5UC-64MT/DMELSEC iQ-F Series FX5U-64MT/DSSMELSEC iQ-F Series FX5UJ-60MT/ESMELSEC iQ-F Series FX5UC-64MT/DSSMELSEC iQ-F Series FX5S-30MR/ESMELSEC iQ-F Series FX5U-80MT/DSSMELSEC iQ-F Series FX5UC-32MT/DS-TSMELSEC iQ-F Series FX5UJ-40MT/ESMELSEC iQ-F Series FX5S-80MT/ESMELSEC iQ-F Series FX5S-60MT/DSMELSEC iQ-F Series FX5U-80MT/ESMELSEC iQ-F Series FX5S-30MT/ESSMELSEC iQ-F Series FX5U-64MT/DSMELSEC iQ-F Series FX5UJ-24MR/ES-AMELSEC iQ-F Series FX5UJ-40MR/DSMELSEC iQ-F Series FX5UJ-40MT/ESSMELSEC iQ-F Series FX5UJ-40MR/ESMELSEC iQ-F Series FX5S-60MR/DSMELSEC iQ-F Series FX5UJ-24MR/ESMELSEC iQ-F Series FX5UJ-40MR/ES-AMELSEC iQ-F Series FX5S-40MT/ESSMELSEC iQ-F Series FX5S-60MR/ESMELSEC iQ-F Series FX5U-80MT/ESSMELSEC iQ-F Series FX5UC-32MT/DSS-TSMELSEC iQ-F Series FX5UC-32MT/DSSMELSEC iQ-F Series FX5U-32MT/ESMELSEC iQ-F Series FX5U-80MR/ESMELSEC iQ-F Series FX5UC-32MT/DMELSEC iQ-F Series FX5S-40MR/ESMELSEC iQ-F Series FX5S-30MT/DSSMELSEC iQ-F Series FX5S-80MR/ESMELSEC iQ-F Series FX5UJ-60MR/ES-AMELSEC iQ-F Series FX5S-30MR/DSMELSEC iQ-F Series FX5S-40MT/DSSMELSEC iQ-F Series FX5U-80MR/DSMELSEC iQ-F Series FX5UJ-60MT/ES-AMELSEC iQ-F Series FX5S-40MT/DSMELSEC iQ-F Series FX5S-60MT/DSSMELSEC iQ-F Series FX5U-64MR/ESMELSEC iQ-F Series FX5UJ-40MT/DSSMELSEC iQ-F Series FX5S-40MR/DSMELSEC iQ-F Series FX5S-80MR/DSMELSEC iQ-F Series FX5UC-32MR/DS-TSMELSEC iQ-F Series FX5UC-96MT/DSSMELSEC iQ-F Series FX5UJ-60MT/ESSMELSEC iQ-F Series FX5UC-96MT/DMELSEC iQ-F Series FX5UJ-24MT/ESSMELSEC iQ-F Series FX5UJ-24MT/ES-AMELSEC iQ-F Series FX5U-32MR/ES
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-0374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.75% / 82.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

Action-Not Available
Vendor-okin/a
Product-c5510mfpc5510mfp_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2015-7542
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 22:13
Updated-06 Aug, 2024 | 07:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.

Action-Not Available
Vendor-aquamaniaclibgwenhywfarDebian GNU/LinuxopenSUSE
Product-debian_linuxgwenhywfarleaplibgwenhywfar
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-69272
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 04:33
Updated-14 Jan, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectrum password returned in clear

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncBroadcom Inc.
Product-linux_kernelwindowsdx_netops_spectrumDX NetOps Spectrum
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-66573
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 26.18%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 20:45
Updated-23 Dec, 2025 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Action-Not Available
Vendor-mersivemersive
Product-solstice_podsolstice_pod_firmwareSolstice Pod API Session Key Extraction via API Endpoint
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-16274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.93%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 19:52
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.

Action-Not Available
Vendor-dtenn/a
Product-d7d5_firmwared5d7_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-67159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.85%
||
7 Day CHG+0.01%
Published-02 Jan, 2026 | 00:00
Updated-30 Jan, 2026 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

Action-Not Available
Vendor-vatilonn/a
Product-pa4_firmwarepa4n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.39%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 18:52
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.

Action-Not Available
Vendor-globalnorthstarn/a
Product-northstar_club_managementn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-41636
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 17:12
Updated-16 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.

Action-Not Available
Vendor-haascncHaas
Product-haas_controllerHaas CNC Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-49819
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 17:41
Updated-10 Jan, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_key_lifecycle_managerSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-49387
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 10:34
Updated-04 Feb, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)Linux Kernel Organization, Inc
Product-linux_kernelcyber_protectwindowsAcronis Cyber Protect 16
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-48894
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-63364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.74%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 00:00
Updated-16 Dec, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.

Action-Not Available
Vendor-wavesharen/a
Product-rs232\/485_to_wifi_eth_\(b\)rs232\/485_to_wifi_eth_\(b\)_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2017-1000024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.66%
||
7 Day CHG~0.00%
Published-13 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission

Action-Not Available
Vendor-n/aThe GNOME Project
Product-shotwelln/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-43187
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.67%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 20:37
Updated-15 Dec, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Container
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-62578
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2025 | 06:05
Updated-08 Jan, 2026 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dvp-12se_firmwaredvp-12seDVP-12SE
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2014-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.98% / 95.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 12:55
Updated-06 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grand MA 300 allows retrieval of the access PIN from sniffed data.

Action-Not Available
Vendor-grandingn/a
Product-grand_ma300grand_ma300_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-62765
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2025 | 23:27
Updated-18 Nov, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information

General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.

Action-Not Available
Vendor-General Industrial Controls
Product-Lynx+ Gateway
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-3261
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.83%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 20:20
Updated-25 Sep, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstack_platformRed Hat OpenStack Platform 16.2openstack
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-30994
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:41
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext transmission of sensitive information

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-31204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.28%
||
7 Day CHG-0.06%
Published-26 Jul, 2022 | 21:28
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

Action-Not Available
Vendor-omronn/a
Product-sysmac_cp1e_firmwaresysmac_cp1lsysmac_cj2m_firmwaresysmac_cj2hsysmac_cp1esysmac_cj2h_firmwaresysmac_cp1h_firmwaresysmac_cp1hsysmac_cp1l_firmwarecp1w-cif41_firmwarecx-programmercp1w-cif41sysmac_cj2msysmac_cs1_firmwaresysmac_cs1n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-40693
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.28%
||
7 Day CHG+0.10%
Published-07 Feb, 2023 | 16:52
Updated-16 Feb, 2023 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-sds-3008-t_firmwaresds-3008sds-3008_firmwaresds-3008-tSDS-3008 Series Industrial Ethernet Switch
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found