Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3927

Summary
Assigner-Hitachi Energy
Assigner Org ID-e383dce4-0c27-4495-91c4-0db157728d17
Published At-05 Jan, 2023 | 21:41
Updated At-10 Apr, 2025 | 14:06
Rejected At-
Credits

The affected products store public and private key that are used to sign and protect custom parameter set files from modification.

The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Hitachi Energy
Assigner Org ID:e383dce4-0c27-4495-91c4-0db157728d17
Published At:05 Jan, 2023 | 21:41
Updated At:10 Apr, 2025 | 14:06
Rejected At:
▼CVE Numbering Authority (CNA)
The affected products store public and private key that are used to sign and protect custom parameter set files from modification.

The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Affected Products
Vendor
Hitachi Energy Ltd.Hitachi Energy
Product
FOXMAN-UN
Default Status
unaffected
Versions
Affected
  • FOXMAN-UN R15B
  • FOXMAN-UN R15A
  • FOXMAN-UN R14B
  • FOXMAN-UN R14A
  • FOXMAN-UN R11B
  • FOXMAN-UN R11A
  • FOXMAN-UN R10C
  • FOXMAN-UN R9C
Unaffected
  • FOXMAN-UN R16A
Vendor
Hitachi Energy Ltd.Hitachi Energy
Product
UNEM
Default Status
unaffected
Versions
Affected
  • UNEM R15B
  • UNEM R15A
  • UNEM R14B
  • UNEM R14A
  • UNEM R11B
  • UNEM R11A
  • UNEM R10C
  • UNEM R9C
Unaffected
  • UNEM R16A
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-75CAPEC-75 Manipulating Writeable Configuration Files
CAPEC ID: CAPEC-75
Description: CAPEC-75 Manipulating Writeable Configuration Files
Solutions
Configurations
Workarounds

For immediate recommended mitigation action if using FOXMAN-UN R15B and earlier OR UNEM R15B and earlier, follow the recommended security practices as described in section Mitigation Factors/Workarounds in the respective products' advisory.

Exploits
Credits
reporter
K-Businessom AG, Austria
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
N/A
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
N/A
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
Resource: N/A
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
x_transferred
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_transferred
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@hitachienergy.com
Published At:05 Jan, 2023 | 22:15
Updated At:07 Nov, 2023 | 03:51

The affected products store both public and private key that are used to sign and protect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to change the CPS file, sign it so that it is trusted as the legitimate CPS file. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Hitachi Energy Ltd.
hitachienergy
>>foxman-un>>Versions before r16a(exclusive)
cpe:2.3:a:hitachienergy:foxman-un:*:*:*:*:*:*:*:*
Hitachi Energy Ltd.
hitachienergy
>>unem>>Versions before r16a(exclusive)
cpe:2.3:a:hitachienergy:unem:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-798Primarynvd@nist.gov
CWE-798Secondarycybersecurity@hitachienergy.com
CWE ID: CWE-798
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-798
Type: Secondary
Source: cybersecurity@hitachienergy.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launchcybersecurity@hitachienergy.com
Mitigation
Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launchcybersecurity@hitachienergy.com
Mitigation
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000083&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cybersecurity@hitachienergy.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000084&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cybersecurity@hitachienergy.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

593Records found
CVE-2021-40342
Matching Score-10
Assigner-Hitachi Energy
ShareView Details
Matching Score-10
Assigner-Hitachi Energy
CVSS Score-7.1||HIGH
EPSS-0.28% / 19.96%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 21:27
Updated-10 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of default key for encryption

In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemUNEMFOXMAN-UN
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-287
Improper Authentication
CVE-2022-3929
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8.3||HIGH
EPSS-0.39% / 30.58%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 21:54
Updated-10 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Communication between the client and server partially using CORBA over TCP/IP

Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemUNEMFOXMAN-UN
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-7940
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8.3||HIGH
EPSS-0.55% / 41.47%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 12:52
Updated-28 Aug, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The product exposes a service that is intended for local only to all network interfaces without any authentication.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-microscada_x_sys600MicroSCADA SYS600microscada_x_sys600
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-5620
Matching Score-8
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-8
Assigner-Rapid7, Inc.
CVSS Score-9.8||CRITICAL
EPSS-70.08% / 99.29%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 22:15
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

Action-Not Available
Vendor-Hitachi Energy Ltd.Microsoft CorporationABB
Product-microscada_pro_sys600windows_7windows_xpMicroSCADA Pro SYS600
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-28020
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8||HIGH
EPSS-0.37% / 28.40%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 18:20
Updated-30 Oct, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemFOXMAN-UNUNEMfoxman-ununem
CWE ID-CWE-286
Incorrect User Management
CVE-2024-2012
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-9.1||CRITICAL
EPSS-0.60% / 44.09%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:16
Updated-15 Aug, 2024 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemFOXMAN-UNUNEMfoxman_ununem
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-2011
Matching Score-8
Assigner-Hitachi Energy
ShareView Details
Matching Score-8
Assigner-Hitachi Energy
CVSS Score-8.6||HIGH
EPSS-0.47% / 36.98%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:24
Updated-15 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemFOXMAN-UNUNEMfoxman-ununem
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3928
Matching Score-6
Assigner-Hitachi Energy
ShareView Details
Matching Score-6
Assigner-Hitachi Energy
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.22%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 21:50
Updated-10 Apr, 2025 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded credential is found in the message queue

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects * FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-foxman-ununemUNEMFOXMAN-UN
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27149
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27155
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.49% / 97.17%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-49806
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.4||CRITICAL
EPSS-0.31% / 22.62%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 16:53
Updated-29 Jan, 2025 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access Appliance hard coded credentials

IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_accessSecurity Verify Access
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.84% / 97.07%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.49% / 97.17%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-29119
Matching Score-4
Assigner-Gridware Cybersecurity
ShareView Details
Matching Score-4
Assigner-Gridware Cybersecurity
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.05%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 07:58
Updated-17 Mar, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX2100 Satellite Receiver

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access the satellite system directly via the Telnet service, leading to potential system compromise.

Action-Not Available
Vendor-datacastInternational Datacasting Corporation (IDC)
Product-sfx2100_firmwaresfx2100SFX2100 Series SuperFlex SatelliteReceiver
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27162
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-26.85% / 97.77%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.80% / 96.45%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27167
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.59% / 96.20%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:36
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-47558
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.4||CRITICAL
EPSS-0.52% / 39.95%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 12:58
Updated-03 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in Ormazabal products

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.

Action-Not Available
Vendor-ormazabalOrmazabalormazabal
Product-ekorccp_firmwareekorrciekorrci_firmwareekorccpekorRCIekorCCPekorrciekorccp
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27172
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.84% / 97.07%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.54% / 96.19%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:38
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-48113
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 56.19%
||
7 Day CHG~0.00%
Published-02 Feb, 2023 | 00:00
Updated-26 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n200re-v5n200re-v5_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-48539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 25.75%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.

Action-Not Available
Vendor-n/anetdvr
Product-n/aneye3c
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.99% / 96.48%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-26611
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.1||HIGH
EPSS-1.13% / 62.12%
||
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:31
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HejHome IP Camera use of hard-coded credentials vulnerability

HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..)

Action-Not Available
Vendor-hejGoqual
Product-hejhome_gkw-ic052_firmwarehejhome_gkw-ic052GKW-IC052
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-33219
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.15% / 79.75%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 14:23
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.

Action-Not Available
Vendor-commscopen/a
Product-ruckus_iot_controllern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27161
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.14% / 96.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2017-20039
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.8||CRITICAL
EPSS-1.14% / 62.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2022 | 10:00
Updated-15 Apr, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SICUNET Access Controller hard-coded password

A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-sicunetSICUNET
Product-access_controlAccess Controller
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2005-0496
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.30%
||
7 Day CHG~0.00%
Published-21 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

Action-Not Available
Vendor-arkeian/a
Product-network_backupn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-28778
Matching Score-4
Assigner-Gridware Cybersecurity
ShareView Details
Matching Score-4
Assigner-Gridware Cybersecurity
CVSS Score-7.9||HIGH
EPSS-0.85% / 53.33%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 07:49
Updated-17 Mar, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100

International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the `xd` user has write permissions to their home directory where root-executed binaries and symlinks (such as those invoked by `xdstartstop`) are stored, the attacker can overwrite these files or manipulate symlinks to achieve arbitrary code execution as the root user.

Action-Not Available
Vendor-datacastInternational Datacasting Corporation (IDC)
Product-sfx2100_firmwaresfx2100IDC SFX2100 SuperFlex Satellite Receiver
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-28776
Matching Score-4
Assigner-Gridware Cybersecurity
ShareView Details
Matching Score-4
Assigner-Gridware Cybersecurity
CVSS Score-7.8||HIGH
EPSS-0.48% / 37.41%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 07:34
Updated-17 Mar, 2026 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 Satellite Receiver

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell, the attacker can trivially break out to achieve standard shell functionality.

Action-Not Available
Vendor-datacastInternational Datacasting Corporation (IDC)
Product-sfx2100_firmwaresfx2100IDC SFX2100 SuperFlex Satellite Receiver
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-7786
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 33.06%
||
7 Day CHG-0.11%
Published-29 May, 2026 | 17:11
Updated-16 Jun, 2026 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services.

Action-Not Available
Vendor-Jinan USR IOT Technology Limited (PUSR)
Product-USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-26218
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.37% / 28.39%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 18:38
Updated-05 Mar, 2026 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

Action-Not Available
Vendor-newbee-mall_projectnewbee-ltd
Product-newbee-mallnewbee-mall
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27147
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.14% / 96.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.14% / 96.69%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.49% / 97.17%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:37
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-44097
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 50.62%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Action-Not Available
Vendor-book_store_management_system_projectn/a
Product-book_store_management_systemn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.94% / 97.34%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:40
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27151
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-23.63% / 97.51%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 18:39
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.

Action-Not Available
Vendor-fiberhomen/a
Product-hg6245dhg6245d_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-27228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.60% / 72.69%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 16:16
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI.

Action-Not Available
Vendor-shinobin/a
Product-shinobi_pron/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-45444
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.94% / 56.41%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:41
Updated-07 Nov, 2023 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2022-45444

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 contains hard-coded passwords for select users in the application’s database. This could allow a remote attacker to login to the database with unrestricted access.

Action-Not Available
Vendor-sewioSewio
Product-real-time_location_system_studioRTLS Studio
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-18007
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.92% / 77.20%
||
7 Day CHG~0.00%
Published-21 Dec, 2018 | 23:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2770ldsl-2770l_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-25803
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 28.10%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 22:52
Updated-17 Mar, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2.

Action-Not Available
Vendor-denpiligrimdenpiligrim
Product-3dp-manager3dp-manager
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-4333
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 53.41%
||
7 Day CHG+0.03%
Published-01 Jun, 2023 | 05:36
Updated-10 Jan, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sprecher: Sprecon maintenance access with hardcoded credentials

Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.

Action-Not Available
Vendor-sprecher-automationSprecher Automation
Product-sprecon-e-tc_ax-3110_firmwaresprecon-e-t3sprecon-e-p_ds6-0_firmwaresprecon-e_cp-2330sprecon-e-c_firmwaresprecon-e-p_dq6-1sprecon-e-csprecon-e_cp-2131_firmwaresprecon-e-p_dl6-1_firmwaresprecon-e-p_ds6-0sprecon-e_cp-2330_firmwaresprecon-e-t3_firmwaresprecon-e-p_dl6-1sprecon-e-p_dq6-1_firmwaresprecon-e-tc_ax-3110sprecon-e_ap-2200_firmwaresprecon-e_ap-2200sprecon-e_cp-2131SPRECON-E CPU PU243xSPRECON-E CPU SPRECON-EDIRSPRECON-E CPU PU244xSPRECON-E CPU MC33/34
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-48126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 31.11%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2026-23781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 19.98%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 00:00
Updated-27 Apr, 2026 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface.

Action-Not Available
Vendor-bmcn/a
Product-control-m\/managed_file_transfern/a
CWE ID-CWE-798
Use of Hard-coded Credentials
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 11
  • 12
  • Next
Details not found