Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-31193

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-22 May, 2023 | 19:28
Updated At-16 Jan, 2025 | 21:33
Rejected At-
Credits

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:22 May, 2023 | 19:28
Updated At:16 Jan, 2025 | 21:33
Rejected At:
▼CVE Numbering Authority (CNA)

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

Affected Products
Vendor
Snap One
Product
OvrC Cloud
Default Status
unaffected
Versions
Affected
  • From 0 before 7.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Snap One has released the following updates/fixes for the affected products: * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud. * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud. * Disable UPnP. For more information, see Snap One’s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf .

Configurations
Workarounds
Exploits
Credits
finder
Uri Katz of Claroty reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
N/A
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Resource: N/A
Hyperlink: https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
x_transferred
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Resource:
x_transferred
Hyperlink: https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:22 May, 2023 | 20:15
Updated At:30 May, 2023 | 16:28

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
snapone
snapone
>>orvc>>Versions before 7.3.0(exclusive)
cpe:2.3:a:snapone:orvc:*:*:*:*:*:pro:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primaryics-cert@hq.dhs.gov
CWE ID: CWE-319
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdfics-cert@hq.dhs.gov
Release Notes
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf
Source: ics-cert@hq.dhs.gov
Resource:
Release Notes

Change History

0
Information is not available yet

Similar CVEs

205Records found
CVE-2021-32966
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-3.7||LOW
EPSS-0.10% / 28.55%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 13:29
Updated-16 Apr, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.

Action-Not Available
Vendor-Philips
Product-interoperability_solution_xdsInteroperability Solution XDS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-32982
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.50%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 19:45
Updated-16 Apr, 2025 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.

Action-Not Available
Vendor-AutomationDirect
Product-c0-12dd1e-d_firmwarec0-10dd1e-dc0-12dd1e-1-dc0-11dd1e-dc0-11dre-d_firmwarec0-12are-1-dc0-11dd2e-d_firmwarec0-10dd1e-d_firmwarec0-11dd2e-dc0-12dre-2-dc0-12are-d_firmwarec0-12dd2e-d_firmwarec0-12dre-dc0-12are-2-dc0-10dre-d_firmwarec0-12dd1e-dc0-11dre-dc0-10dre-dc0-11are-dc0-12dd2e-dc0-12dd1e-2-d_firmwarec0-12dd1e-1-d_firmwarec0-12dre-d_firmwarec0-12are-2-d_firmwarec0-12dd2e-2-d_firmwarec0-12dd2e-1-d_firmwarec0-11dd1e-d_firmwarec0-12dd1e-2-dc0-12dd2e-1-dc0-10dd2e-dc0-12dre-2-d_firmwarec0-11are-d_firmwarec0-10are-d_firmwarec0-10dd2e-d_firmwarec0-12dd2e-2-dc0-12are-1-d_firmwarec0-12dre-1-d_firmwarec0-12dre-1-dc0-10are-dc0-12are-dCLICK PLC CPU Modules: C0-1x CPUs
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-32934
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 17:20
Updated-16 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information

The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.

Action-Not Available
Vendor-throughtekThroughTek
Product-kalay_p2p_software_development_kitP2P SDK
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-31898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:18
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-4390
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.91%
||
7 Day CHG~0.00%
Published-09 Dec, 2008 | 00:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-linksys_wvc54gclinksys_wvc54gc_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-33022
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.21%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips Vue PACS Cleartext Transmission of Sensitive Information

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-Philips
Product-myvuevue_motionspeechvue_pacsVue MotionVue PACSVue SpeechVue MyVue
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-1060
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 05:53
Updated-13 Feb, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker.

Action-Not Available
Vendor-Schneider Electric SE
Product-ASCO 5350 Eight Channel Remote AnnunciatorASCO 5310 Single-Channel Remote Annunciator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-3289
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.27%
||
7 Day CHG~0.00%
Published-24 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

Action-Not Available
Vendor-storcentricn/a
Product-retrospect_backup_clientn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-31671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.67%
||
7 Day CHG+0.01%
Published-27 Apr, 2021 | 02:43
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pgsync before 0.6.7 is affected by Information Disclosure of sensitive information. Syncing the schema with the --schema-first and --schema-only options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

Action-Not Available
Vendor-pgsync_projectn/a
Product-pgsyncn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-7731
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.74%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 03:57
Updated-02 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure Vulnerability in MELSEC iQ-F Series CPU module

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product and stop the operations of programs by using the obtained credential information.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-MELSEC iQ-F Series FX5U-32MT/ESSMELSEC iQ-F Series FX5U-32MT/DSMELSEC iQ-F Series FX5U-32MT/DSSMELSEC iQ-F Series FX5S-80MT/DSSMELSEC iQ-F Series FX5U-64MR/DSMELSEC iQ-F Series FX5UJ-60MR/ESMELSEC iQ-F Series FX5UJ-60MR/DSMELSEC iQ-F Series FX5UJ-40MT/ES-AMELSEC iQ-F Series FX5S-40MT/ESMELSEC iQ-F Series FX5S-60MT/ESSMELSEC iQ-F Series FX5S-80MT/DSMELSEC iQ-F Series FX5S-30MT/DSMELSEC iQ-F Series FX5U-32MR/DSMELSEC iQ-F Series FX5UJ-24MR/DSMELSEC iQ-F Series FX5S-30MT/ESMELSEC iQ-F Series FX5UJ-24MT/DSMELSEC iQ-F Series FX5UJ-40MT/DSMELSEC iQ-F Series FX5UJ-60MT/DSSMELSEC iQ-F Series FX5UJ-24MT/DSSMELSEC iQ-F Series FX5U-80MT/DSMELSEC iQ-F Series FX5UJ-60MT/DSMELSEC iQ-F Series FX5U-64MT/ESMELSEC iQ-F Series FX5UJ-24MT/ESMELSEC iQ-F Series FX5S-60MT/ESMELSEC iQ-F Series FX5S-80MT/ESSMELSEC iQ-F Series FX5U-64MT/ESSMELSEC iQ-F Series FX5UC-64MT/DMELSEC iQ-F Series FX5U-64MT/DSSMELSEC iQ-F Series FX5UJ-60MT/ESMELSEC iQ-F Series FX5UC-64MT/DSSMELSEC iQ-F Series FX5S-30MR/ESMELSEC iQ-F Series FX5U-80MT/DSSMELSEC iQ-F Series FX5UC-32MT/DS-TSMELSEC iQ-F Series FX5UJ-40MT/ESMELSEC iQ-F Series FX5S-80MT/ESMELSEC iQ-F Series FX5S-60MT/DSMELSEC iQ-F Series FX5U-80MT/ESMELSEC iQ-F Series FX5S-30MT/ESSMELSEC iQ-F Series FX5U-64MT/DSMELSEC iQ-F Series FX5UJ-24MR/ES-AMELSEC iQ-F Series FX5UJ-40MR/DSMELSEC iQ-F Series FX5UJ-40MT/ESSMELSEC iQ-F Series FX5UJ-40MR/ESMELSEC iQ-F Series FX5S-60MR/DSMELSEC iQ-F Series FX5UJ-24MR/ESMELSEC iQ-F Series FX5UJ-40MR/ES-AMELSEC iQ-F Series FX5S-40MT/ESSMELSEC iQ-F Series FX5S-60MR/ESMELSEC iQ-F Series FX5U-80MT/ESSMELSEC iQ-F Series FX5UC-32MT/DSS-TSMELSEC iQ-F Series FX5UC-32MT/DSSMELSEC iQ-F Series FX5U-32MT/ESMELSEC iQ-F Series FX5U-80MR/ESMELSEC iQ-F Series FX5UC-32MT/DMELSEC iQ-F Series FX5S-40MR/ESMELSEC iQ-F Series FX5S-30MT/DSSMELSEC iQ-F Series FX5S-80MR/ESMELSEC iQ-F Series FX5UJ-60MR/ES-AMELSEC iQ-F Series FX5S-30MR/DSMELSEC iQ-F Series FX5S-40MT/DSSMELSEC iQ-F Series FX5U-80MR/DSMELSEC iQ-F Series FX5UJ-60MT/ES-AMELSEC iQ-F Series FX5S-40MT/DSMELSEC iQ-F Series FX5S-60MT/DSSMELSEC iQ-F Series FX5U-64MR/ESMELSEC iQ-F Series FX5UJ-40MT/DSSMELSEC iQ-F Series FX5S-40MR/DSMELSEC iQ-F Series FX5S-80MR/DSMELSEC iQ-F Series FX5UC-32MR/DS-TSMELSEC iQ-F Series FX5UC-96MT/DSSMELSEC iQ-F Series FX5UJ-60MT/ESSMELSEC iQ-F Series FX5UC-96MT/DMELSEC iQ-F Series FX5UJ-24MT/ESSMELSEC iQ-F Series FX5UJ-24MT/ES-AMELSEC iQ-F Series FX5U-32MR/ES
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2008-0374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.75% / 82.24%
||
7 Day CHG~0.00%
Published-22 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

Action-Not Available
Vendor-okin/a
Product-c5510mfpc5510mfp_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-69272
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 04:33
Updated-14 Jan, 2026 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectrum password returned in clear

Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncBroadcom Inc.
Product-linux_kernelwindowsdx_netops_spectrumDX NetOps Spectrum
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-66573
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.09% / 26.18%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 20:45
Updated-23 Dec, 2025 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solstice Pod API Session Key Extraction via API Endpoint

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Action-Not Available
Vendor-mersivemersive
Product-solstice_podsolstice_pod_firmwareSolstice Pod API Session Key Extraction via API Endpoint
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-16274
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.93%
||
7 Day CHG~0.00%
Published-06 Jan, 2020 | 19:52
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP.

Action-Not Available
Vendor-dtenn/a
Product-d7d5_firmwared5d7_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-67159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.85%
||
7 Day CHG+0.01%
Published-02 Jan, 2026 | 00:00
Updated-30 Jan, 2026 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

Action-Not Available
Vendor-vatilonn/a
Product-pa4_firmwarepa4n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-29397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.39%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 18:52
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP.

Action-Not Available
Vendor-globalnorthstarn/a
Product-northstar_club_managementn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-41636
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 17:12
Updated-16 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.

Action-Not Available
Vendor-haascncHaas
Product-haas_controllerHaas CNC Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-49819
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 17:41
Updated-10 Jan, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_key_lifecycle_managerSecurity Guardium Key Lifecycle Manager
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-49387
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.28%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 10:34
Updated-04 Feb, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

Action-Not Available
Vendor-Microsoft CorporationAcronis (Acronis International GmbH)Linux Kernel Organization, Inc
Product-linux_kernelcyber_protectwindowsAcronis Cyber Protect 16
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-48894
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-63364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.74%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 00:00
Updated-16 Dec, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.

Action-Not Available
Vendor-wavesharen/a
Product-rs232\/485_to_wifi_eth_\(b\)rs232\/485_to_wifi_eth_\(b\)_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-43187
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.67%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 20:37
Updated-15 Dec, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Verify Access information disclosure

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Action-Not Available
Vendor-IBM Corporation
Product-security_verify_access_dockersecurity_verify_accessSecurity Verify Access ApplianceSecurity Verify Access Container
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-62578
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2025 | 06:05
Updated-08 Jan, 2026 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-dvp-12se_firmwaredvp-12seDVP-12SE
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2014-5380
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.98% / 95.16%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 12:55
Updated-06 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grand MA 300 allows retrieval of the access PIN from sniffed data.

Action-Not Available
Vendor-grandingn/a
Product-grand_ma300grand_ma300_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-62765
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.02% / 4.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2025 | 23:27
Updated-18 Nov, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information

General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.

Action-Not Available
Vendor-General Industrial Controls
Product-Lynx+ Gateway
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-3261
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 11.83%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 20:20
Updated-25 Sep, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstack_platformRed Hat OpenStack Platform 16.2openstack
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-30994
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:41
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext transmission of sensitive information

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-31204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.28%
||
7 Day CHG-0.06%
Published-26 Jul, 2022 | 21:28
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

Action-Not Available
Vendor-omronn/a
Product-sysmac_cp1e_firmwaresysmac_cp1lsysmac_cj2m_firmwaresysmac_cj2hsysmac_cp1esysmac_cj2h_firmwaresysmac_cp1h_firmwaresysmac_cp1hsysmac_cp1l_firmwarecp1w-cif41_firmwarecx-programmercp1w-cif41sysmac_cj2msysmac_cs1_firmwaresysmac_cs1n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-40693
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.28%
||
7 Day CHG+0.10%
Published-07 Feb, 2023 | 16:52
Updated-16 Feb, 2023 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-Moxa Inc.
Product-sds-3008-t_firmwaresds-3008sds-3008_firmwaresds-3008-tSDS-3008 Series Industrial Ethernet Switch
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-0860
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.03% / 8.46%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 20:54
Updated-23 Jan, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

Action-Not Available
Vendor-softingSoftingsofting
Product-edgeaggregatoredgeconnectoredgeAggregatoredgeConnectoredgeconnectoredgeaggregator
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-29874
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.66%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 09:47
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM T
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-29945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.22% / 44.10%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 19:39
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

Action-Not Available
Vendor-djin/a
Product-mavic_3fpv_firmwarezenmuse_x5szenmuse_x7_firmwaremini_2mini_sefhantom_4_proair_2mavic_3_firmwareair_2_firmwarefpvzenmuse_x5s_firmwaremini_se_firmwareinspire_2rc_pro_firmwarerc_promini_2_firmwareair_2s_firmwareair_2sinspire_2_firmwarezenmuse_x7fhantom_4_pro_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2005-3140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 64.05%
||
7 Day CHG~0.00%
Published-05 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.

Action-Not Available
Vendor-procomn/a
Product-netforce_800netforce_800_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-4161
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-8.6||HIGH
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 02:32
Updated-06 Feb, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Syslog traffic sent in clear-text

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_sannavBrocade SANnavbrocade_sannav
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-27422
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.10% / 26.96%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-16 Apr, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GE UR family exposure of sensitive information to an unauthorized actor

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

Action-Not Available
Vendor-geGE
Product-multilin_l90_firmwaremultilin_b90_firmwaremultilin_b30_firmwaremultilin_c60multilin_b90multilin_t35_firmwaremultilin_c30multilin_c30_firmwaremultilin_f60_firmwaremultilin_n60multilin_t35multilin_c60_firmwaremultilin_l30_firmwaremultilin_c70multilin_c95_firmwaremultilin_c70_firmwaremultilin_g30_firmwaremultilin_c95multilin_n60_firmwaremultilin_l60multilin_m60_firmwaremultilin_t60multilin_t60_firmwaremultilin_g60_firmwaremultilin_l90multilin_g60multilin_f60multilin_m60multilin_g30multilin_f35_firmwaremultilin_l30multilin_d30_firmwaremultilin_d60_firmwaremultilin_d60multilin_b30multilin_l60_firmwaremultilin_f35multilin_d30UR family
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-26077
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.39%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 20:15
Updated-15 Apr, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Software
Product-oas_platformOAS Platform
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-38891
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 23.34%
||
7 Day CHG~0.00%
Published-02 Aug, 2024 | 00:00
Updated-20 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.

Action-Not Available
Vendor-horizoncloudn/ahorizoncloud
Product-catereasen/acaterease
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-2485
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.6||CRITICAL
EPSS-0.11% / 29.07%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 15:59
Updated-16 Apr, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Stride Field I/O Cleartext Transmission of Sensitive Information

Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets.

Action-Not Available
Vendor-AutomationDirect
Product-sio-mb16nd3_firmwaresio-mb08ads-1sio-mb04thmssio-mb04thms_firmwaresio-mb04rtds_firmwaresio-mb04rtdssio-mb04ads_firmwaresio-mb04das_firmwaresio-mb04dassio-mb08ads-2sio-mb16cdd2_firmwaresio-mb16cdd2sio-mb04adssio-mb08thms_firmwaresio-mb12cdrsio-mb08ads-1_firmwaresio-mb16nd3sio-mb08ads-2_firmwaresio-mb12cdr_firmwaresio-mb08thmsSIO- MB04ADSSIO-MB12CDRSIO-MB16CDD2SIO-MB04THMSSIO-MB08THMSSIO-MB04ADSSIO-MB16ND3SIO-MB08ADS-2SIO-MB08ADS-1SIO-MB04DASSIO-MB04RTDS
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-51740
Matching Score-4
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Matching Score-4
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.25%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 07:25
Updated-13 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system.

Action-Not Available
Vendor-skyworthdigitalHathway
Product-cm5100cm5100_firmwareSkyworth Router CM5100
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-51390
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.00%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 23:27
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure Vulnerability in Journalpump

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.

Action-Not Available
Vendor-Aiven
Product-journalpumpjournalpump
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-215
Insertion of Sensitive Information Into Debugging Code
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-51741
Matching Score-4
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Matching Score-4
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.88%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 07:26
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext Submission of Password vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.

Action-Not Available
Vendor-skyworthdigitalHathway
Product-cm5100cm5100_firmwareSkyworth Router CM5100
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-50614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.07%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.

Action-Not Available
Vendor-cdebyten/a
Product-e880-ir01e880-ir01_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-36558
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.48%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-19 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-37393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-82.33% / 99.19%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.

Action-Not Available
Vendor-securenvoyn/asecurenvoy
Product-multi-factor_authentication_solutionsn/amfa
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2017-7252
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.51%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 00:00
Updated-12 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.

Action-Not Available
Vendor-botan_projectn/a
Product-botann/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-37163
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.20% / 42.38%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 16:09
Updated-13 Nov, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SkyScrape Secure API Requests

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.

Action-Not Available
Vendor-opensourcelabsoslabs-beta
Product-skyscraperSkyScraper
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-46383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.53%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:00
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the password and gain full control of Loytec device configuration.

Action-Not Available
Vendor-loytecn/a
Product-l-inx_configuratorn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-46385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.34%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:00
Updated-04 Nov, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. An admin credential is passed as a value of URL parameters without encryption, so it allows remote attackers to steal the password and gain full control of Loytec device configuration.

Action-Not Available
Vendor-loytecn/a
Product-l-inx_configuratorn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-36426
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.05%
||
7 Day CHG~0.00%
Published-27 May, 2024 | 00:00
Updated-18 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.

Action-Not Available
Vendor-n/atargit
Product-n/adecision_suite_23.2.15007.0
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-54156
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.01% / 2.79%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 21:21
Updated-17 Oct, 2025 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Santesoft Sante PACS Server Cleartext Transmission of Sensitive Information

The Sante PACS Server Web Portal sends credential information without encryption.

Action-Not Available
Vendor-Santesoft LTD
Product-sante_pacs_serverSante PACS Server
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found