ByteOS Network

Vulnerability Details :

CVE-2024-11308

Assigner-twcert

Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e

Published At-18 Nov, 2024 | 05:59

Updated At-18 Nov, 2024 | 13:57

TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:twcert

Assigner Org ID:cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e

Published At:18 Nov, 2024 | 05:59

Updated At:18 Nov, 2024 | 13:57

▼CVE Numbering Authority (CNA)

TRCore DVC - Use of Hard-coded Cryptographic Key

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

Affected Products

Vendor

TRCore

Product

DVC

Default Status

unaffected

Versions

Affected

From 6.0 through 6.3 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-321	CWE-321 Use of Hard-coded Cryptographic Key

Type: CWE

CWE ID: CWE-321

Description: CWE-321 Use of Hard-coded Cryptographic Key

Metrics

Version	Base score	Base severity	Vector
3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impacts

CAPEC ID	Description
CAPEC-191	CAPEC-191 Read Sensitive Constants Within an Executable

CAPEC ID: CAPEC-191

Description: CAPEC-191 Read Sensitive Constants Within an Executable

Solutions

Update to version 6.4 or later.

References

Hyperlink	Resource
https://www.twcert.org.tw/tw/cp-132-8240-562c3-1.html	third-party-advisory
https://www.twcert.org.tw/en/cp-139-8241-1af92-2.html	third-party-advisory

Hyperlink: https://www.twcert.org.tw/tw/cp-132-8240-562c3-1.html

Resource:

third-party-advisory

Hyperlink: https://www.twcert.org.tw/en/cp-139-8241-1af92-2.html

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Vendor

trcore

Product

dvc

CPEs

cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 6.0 through 6.3 (custom)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:twcert@cert.org.tw

Published At:18 Nov, 2024 | 06:15

Updated At:20 Nov, 2024 | 15:17

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

trcore>>dvc>>Versions from 6.0(inclusive) to 6.4(exclusive)

cpe:2.3:a:trcore:dvc:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-321	Secondary	twcert@cert.org.tw

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-321

Type: Secondary

Source: twcert@cert.org.tw

References

Hyperlink	Source	Resource
https://www.twcert.org.tw/en/cp-139-8241-1af92-2.html	twcert@cert.org.tw	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8240-562c3-1.html	twcert@cert.org.tw	Third Party Advisory

Hyperlink: https://www.twcert.org.tw/en/cp-139-8241-1af92-2.html

Source: twcert@cert.org.tw

Resource:

Third Party Advisory

Hyperlink: https://www.twcert.org.tw/tw/cp-132-8240-562c3-1.html

Source: twcert@cert.org.tw

Resource:

Third Party Advisory

Similar CVEs

7Records found

CVE-2024-28989

Matching Score-4

Assigner-SolarWinds

View Details

Matching Score-4

Assigner-SolarWinds

CVSS Score-5.5||MEDIUM

EPSS-0.04% / 9.44%

7 Day CHG~0.00%

Published-11 Feb, 2025 | 07:13

Updated-25 Feb, 2025 | 17:36

SolarWinds Web Help Desk Cryptographic Key Management Vulnerability

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.

Vendor-SolarWinds Worldwide, LLC.

Product-web_help_desk Web Help Desk

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2025-2810

Matching Score-4

Assigner-CERT@VDE

View Details

Matching Score-4

Assigner-CERT@VDE

CVSS Score-5.5||MEDIUM

EPSS-0.01% / 1.33%

7 Day CHG~0.00%

Published-05 Aug, 2025 | 08:06

Updated-05 Aug, 2025 | 14:34

Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key

A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.

Vendor-Draeger

Product-Draeger ICMHelper

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CVE-2022-34386

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-5.5||MEDIUM

EPSS-0.07% / 20.38%

7 Day CHG~0.00%

Published-10 Feb, 2023 | 20:11

Updated-26 Mar, 2025 | 15:43

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Vendor-Dell Inc.

Product-supportassist_for_business_pcs supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2020-25233

Matching Score-4

Assigner-Siemens

View Details

Matching Score-4

Assigner-Siemens

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 19.80%

7 Day CHG~0.00%

Published-14 Dec, 2020 | 21:05

Updated-04 Aug, 2024 | 15:33

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.

Vendor-Siemens AG

Product-logo\!_8_bm logo\!_8_bm_firmware LOGO! 8 BM (incl. SIPLUS variants)

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CVE-2020-25231

Matching Score-4

Assigner-Siemens

View Details

Matching Score-4

Assigner-Siemens

CVSS Score-5.5||MEDIUM

EPSS-0.06% / 19.80%

7 Day CHG~0.00%

Published-14 Dec, 2020 | 21:05

Updated-04 Aug, 2024 | 15:33

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.

Vendor-Siemens AG

Product-logo\!_soft_comfort logo\!_8_bm logo\!_8_bm_firmware LOGO! 8 BM (incl. SIPLUS variants)LOGO! Soft Comfort

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2021-43552

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-6.1||MEDIUM

EPSS-0.07% / 21.18%

7 Day CHG~0.00%

Published-27 Dec, 2021 | 18:48

Updated-17 Sep, 2024 | 00:16

Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

Vendor-Philips

Product-patient_information_center_ix Patient Information Center iX (PIC iX)

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CVE-2021-27481

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Matching Score-4

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-5.5||MEDIUM

EPSS-0.03% / 7.03%

7 Day CHG~0.00%

Published-16 Jun, 2021 | 11:59

Updated-03 Aug, 2024 | 20:48

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.

Vendor-zoll n/a

Product-defibrillator_dashboard ZOLL Defibrillator Dashboard

CWE ID-CWE-321

Use of Hard-coded Cryptographic Key

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2024-11308

Credits

TRCore DVC - Use of Hard-coded Cryptographic Key

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Affected

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs