Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-0860

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-14 Mar, 2024 | 20:54
Updated At-12 Aug, 2024 | 20:30
Rejected At-
Credits

Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:14 Mar, 2024 | 20:54
Updated At:12 Aug, 2024 | 20:30
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Cleartext Transmission of Sensitive Information in Softing edgeConnector and edgeAggregator

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

Affected Products
Vendor
Softing
Product
edgeConnector
Default Status
unaffected
Versions
Affected
  • Version 3.60
Vendor
Softing
Product
edgeAggregator
Default Status
unaffected
Versions
Affected
  • Version 3.60
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update Softing edgeConnector and edgeAggregator to v3.70 or greater.

Configurations
Workarounds
Exploits
Credits
finder
Pan ZhenPeng (@Peterpan0927) and Li JianTao (@CurseRed) of STAR Labs SG Pte. Ltd. (@starlabs_sg) working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA. Claroty Team82 working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
government-resource
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
Resource:
government-resource
ā–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
government-resource
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
Resource:
government-resource
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
softing
Product
edgeconnector
CPEs
  • cpe:2.3:a:softing:edgeconnector:3.60:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 3.60
Vendor
softing
Product
edgeaggregator
CPEs
  • cpe:2.3:a:softing:edgeaggregator:3.60:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 3.60
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:14 Mar, 2024 | 21:15
Updated At:23 Jan, 2025 | 19:56

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
softing
softing
>>edgeaggregator>>3.60
cpe:2.3:a:softing:edgeaggregator:3.60:*:*:*:*:*:*:*
softing
softing
>>edgeconnector>>3.60
cpe:2.3:a:softing:edgeconnector:3.60:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Secondaryics-cert@hq.dhs.gov
CWE ID: CWE-319
Type: Secondary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13ics-cert@hq.dhs.gov
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
Source: ics-cert@hq.dhs.gov
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

223Records found
CVE-2022-3261
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 13.41%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 20:20
Updated-25 Sep, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openstack_platformRed Hat OpenStack Platform 16.2openstack
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-30993
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.29%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:42
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext transmission of sensitive information

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-30994
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.29%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:41
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cleartext transmission of sensitive information

Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-29874
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.33% / 56.26%
||
7 Day CHG-0.01%
Published-10 May, 2022 | 09:47
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device.

Action-Not Available
Vendor-Siemens AG
Product-7kg8551-0aa12-0aa0_firmware7kg8550-0aa10-2aa07kg8501-0aa31-2aa07kg8500-0aa30-2aa07kg8551-0aa32-2aa07kg8551-0aa01-0aa0_firmware7kg8551-0aa12-2aa0_firmware7kg8550-0aa30-2aa07kg8501-0aa32-0aa07kg8551-0aa02-0aa07kg8501-0aa31-0aa07kg8501-0aa12-0aa0_firmware7kg8500-0aa30-0aa0_firmware7kg8501-0aa01-2aa0_firmware7kg8551-0aa12-0aa07kg8501-0aa02-0aa0_firmware7kg8551-0aa31-2aa0_firmware7kg8551-0aa32-0aa07kg8551-0aa02-2aa0_firmware7kg8501-0aa11-0aa07kg8551-0aa01-2aa07kg8500-0aa00-2aa07kg8551-0aa31-0aa0_firmware7kg8501-0aa01-0aa0_firmware7kg8551-0aa11-2aa0_firmware7kg8500-0aa30-0aa07kg8501-0aa11-0aa0_firmware7kg8500-0aa10-0aa07kg8550-0aa00-0aa07kg8500-0aa00-2aa0_firmware7kg8501-0aa32-2aa07kg8500-0aa00-0aa0_firmware7kg8501-0aa31-2aa0_firmware7kg8550-0aa30-2aa0_firmware7kg8551-0aa02-0aa0_firmware7kg8550-0aa00-2aa0_firmware7kg8501-0aa12-2aa07kg8551-0aa11-0aa07kg8501-0aa12-2aa0_firmware7kg8550-0aa30-0aa07kg8501-0aa11-2aa0_firmware7kg8501-0aa02-0aa07kg8551-0aa31-2aa07kg8551-0aa31-0aa07kg8500-0aa10-0aa0_firmware7kg8551-0aa12-2aa07kg8551-0aa11-2aa07kg8501-0aa11-2aa07kg8501-0aa32-2aa0_firmware7kg8500-0aa00-0aa07kg8551-0aa01-2aa0_firmware7kg8551-0aa32-2aa0_firmware7kg8550-0aa00-2aa07kg8550-0aa30-0aa0_firmware7kg8500-0aa30-2aa0_firmware7kg8551-0aa01-0aa07kg8550-0aa10-0aa07kg8500-0aa10-2aa07kg8501-0aa12-0aa07kg8550-0aa00-0aa0_firmware7kg8500-0aa10-2aa0_firmware7kg8501-0aa02-2aa07kg8551-0aa11-0aa0_firmware7kg8550-0aa10-0aa0_firmware7kg8551-0aa02-2aa07kg8551-0aa32-0aa0_firmware7kg8501-0aa01-2aa07kg8501-0aa02-2aa0_firmware7kg8501-0aa32-0aa0_firmware7kg8501-0aa31-0aa0_firmware7kg8501-0aa01-0aa07kg8550-0aa10-2aa0_firmwareSICAM T
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-29945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.18% / 38.68%
||
7 Day CHG~0.00%
Published-29 Apr, 2022 | 19:39
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.

Action-Not Available
Vendor-djin/a
Product-mavic_3fpv_firmwarezenmuse_x5szenmuse_x7_firmwaremini_2mini_sefhantom_4_proair_2mavic_3_firmwareair_2_firmwarefpvzenmuse_x5s_firmwaremini_se_firmwareinspire_2rc_pro_firmwarerc_promini_2_firmwareair_2s_firmwareair_2sinspire_2_firmwarezenmuse_x7fhantom_4_pro_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2025-27457
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.08%
||
7 Day CHG~0.00%
Published-03 Jul, 2025 | 11:32
Updated-06 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-27457

All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.

Action-Not Available
Vendor-endressEndress+Hauser
Product-meac300-fnade4meac300-fnade4_firmwareEndress+Hauser MEAC300-FNADE4
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-27554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.07%
||
7 Day CHG~0.00%
Published-17 Nov, 2020 | 14:21
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.

Action-Not Available
Vendor-basetechn/a
Product-ge-131_bt-1837836_firmwarege-131_bt-1837836n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-27185
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.04%
||
7 Day CHG~0.00%
Published-14 May, 2021 | 12:06
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-nport_ia5150a_firmwarenport_ia5450a_firmwarenport_ia5250anport_ia5150anport_ia5250a_firmwarenport_ia5450aNPort IA5000A Series with Moxa Service enabled
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-25645
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.38%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 19:52
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelhci_compute_node_biossolidfire_\&_hci_management_nodesolidfire_\&_hci_storage_nodehci_compute_nodeleapkernel
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-25169
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 12:46
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reolink P2P Cameras

The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-510arlc-520arlc-423s_firmwarerln8-410rlc-422_firmwarerlc-510a_firmwarerlc-410rlc-423srlc-423_firmwarerlc-423rln8-410_firmwarerlc-520a_firmwarerlc-422rlc-410_firmwareRLN-X10 seriesRLC-4XX seriesRLC-5XX series
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-25155
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-13 Nov, 2020 | 15:32
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected product transmits unencrypted sensitive information, which may allow an attacker to access this information on the NIO 50 (all versions).

Action-Not Available
Vendor-nexcomn/a
Product-nio_50_firmwarenio_50NIO 50
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-25190
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 14:07
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOXA NPort IAW5000A-I/O Series

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5000a-i\/onport_iaw5000a-i\/o_firmwareNPort IAW5000A-I/O
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-2232
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.

Action-Not Available
Vendor-Jenkins
Product-email_extensionJenkins Email Extension Plugin
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-1749
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 14:35
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Action-Not Available
Vendor-Linux KernelLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linuxenterprise_mrgkernel
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-1902
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.19%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 17:35
Updated-04 Aug, 2024 | 06:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

Action-Not Available
Vendor-WhatsApp LLCFacebook
Product-whatsappwhatsapp_businessWhatsApp for AndroidWhatsApp Business for Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-12398
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.57%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 14:45
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

Action-Not Available
Vendor-Mozilla CorporationCanonical Ltd.
Product-ubuntu_linuxthunderbirdThunderbird
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-12037
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.48%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:49
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.

Action-Not Available
Vendor-n/aBaxter International, Inc.
Product-prismaflexprismaxprismax_firmwareprismaflex_firmwareBaxter PrismaFlex and PrisMax
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2020-10624
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.61%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 16:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-controledge_plccontroledge_rtucontroledge_plc_firmwarecontroledge_rtu_firmwareControlEdge RTUControlEdge PLC
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-38122
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.23%
||
7 Day CHG~0.00%
Published-10 Nov, 2022 | 02:20
Updated-01 May, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
POWERCOM CO., LTD. UPSMON PRO - Cleartext Transmission of Sensitive Information

UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.

Action-Not Available
Vendor-upspowercomPOWERCOM CO., LTD.
Product-upsmon_proUPSMON PRO
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-39342
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.23%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 19:39
Updated-31 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.

Action-Not Available
Vendor-credovaCredova Financial
Product-financialCredova_Financial
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-10718
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.51%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:10
Updated-27 Jun, 2025 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cookie without Secure attribute in phpipam/phpipam

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.

Action-Not Available
Vendor-phpipamphpipam
Product-phpipamphpipam/phpipam
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2022-45546
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.06%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.

Action-Not Available
Vendor-screencheckn/a
Product-badgemakern/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-31204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.65%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:28
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

Action-Not Available
Vendor-omronn/a
Product-sysmac_cp1e_firmwaresysmac_cp1lsysmac_cj2m_firmwaresysmac_cj2hsysmac_cp1esysmac_cj2h_firmwaresysmac_cp1h_firmwaresysmac_cp1hsysmac_cp1l_firmwarecp1w-cif41_firmwarecx-programmercp1w-cif41sysmac_cj2msysmac_cs1_firmwaresysmac_cs1n/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found