Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-24007

Summary
Assigner-siemens
Assigner Org ID-cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At-13 May, 2025 | 09:38
Updated At-13 May, 2025 | 15:42
Rejected At-
Credits

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:siemens
Assigner Org ID:cec7a2ec-15b4-4faf-bd53-b40f371f3a77
Published At:13 May, 2025 | 09:38
Updated At:13 May, 2025 | 15:42
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

Affected Products
Vendor
Siemens AGSiemens
Product
SIRIUS 3RK3 Modular Safety System (MSS)
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Vendor
Siemens AGSiemens
Product
SIRIUS Safety Relays 3SK2
Default Status
unknown
Versions
Affected
  • From 0 before * (custom)
Problem Types
TypeCWE IDDescription
CWECWE-327CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Type: CWE
CWE ID: CWE-327
Description: CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-222768.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-222768.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:productcert@siemens.com
Published At:13 May, 2025 | 10:15
Updated At:13 May, 2025 | 19:35

A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-327Primaryproductcert@siemens.com
CWE ID: CWE-327
Type: Primary
Source: productcert@siemens.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert-portal.siemens.com/productcert/html/ssa-222768.htmlproductcert@siemens.com
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-222768.html
Source: productcert@siemens.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2024-35210
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-5.1||MEDIUM
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 11:15
Updated-11 Feb, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzersinec_traffic_analyzer
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-32285
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.93%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:22
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances.

Action-Not Available
Vendor-mendixSiemens AG
Product-samlMendix SAML Module (Mendix 8 compatible)Mendix SAML Module (Mendix 7 compatible)Mendix SAML Module (Mendix 9 compatible)
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2024-50310
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.22% / 44.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-13 Nov, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cp_1543-1simatic_cp_1543-1_firmwareSIMATIC CP 1543-1 V4.0simatic_cp_1543-1
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-41904
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.41% / 60.32%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 07:54
Updated-14 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys.

Action-Not Available
Vendor-Siemens AG
Product-sinec_traffic_analyzerSINEC Traffic Analyzersinec_traffic_analyzer
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-52236
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 3.92%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:32
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products support insecure cryptographic algorithms. An attacker could leverage these legacy algorithms to achieve a man-in-the-middle attack or impersonate communicating parties.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RS900G (32M) V4.XRUGGEDCOM RS910WRUGGEDCOM RSG2288 V4.XRUGGEDCOM M2100RUGGEDCOM RSG2288 V5.XRUGGEDCOM RS400RUGGEDCOM RS8000RUGGEDCOM RS1600TRUGGEDCOM RSG910CRUGGEDCOM RS8000HRUGGEDCOM RST916CRUGGEDCOM i800RUGGEDCOM RS900LRUGGEDCOM RST916PRUGGEDCOM RSG920P V4.XRUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2200RUGGEDCOM RS930WRUGGEDCOM RMC8388 V5.XRUGGEDCOM i802RUGGEDCOM RP110RUGGEDCOM RS416PRUGGEDCOM M969RUGGEDCOM RSG909RRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS920LRUGGEDCOM i803RUGGEDCOM RSG2300 V4.XRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RS900M-GETS-XXRUGGEDCOM RS910LRUGGEDCOM RS1600FRUGGEDCOM RS416v2 V4.XRUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RST2228PRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS1600RUGGEDCOM RSG920P V5.XRUGGEDCOM RS900WRUGGEDCOM M2200RUGGEDCOM RS8000TRUGGEDCOM i801RUGGEDCOM RS930LRUGGEDCOM RSG2100RUGGEDCOM RS900GRUGGEDCOM RS900GPRUGGEDCOM RSG2488 V4.XRUGGEDCOM RSL910RUGGEDCOM RS940GRUGGEDCOM RST2228RUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RS900RUGGEDCOM RS416RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-STND-XXRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RMC30RUGGEDCOM RSG2300 V5.XRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS969RUGGEDCOM RSG907RRUGGEDCOM RSG2488 V5.XRUGGEDCOM RS8000ARUGGEDCOM RS920WRUGGEDCOM RSG2100PRUGGEDCOM RS401
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-28396
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.17% / 39.20%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 21:05
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user´s browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information.

Action-Not Available
Vendor-Siemens AG
Product-sicam_a8000_cp-8000sicam_a8000_cp-8021_firmwaresicam_a8000_cp-8022sicam_a8000_cp-8000_firmwaresicam_a8000_cp-8021sicam_a8000_cp-8022_firmwareSICAM A8000 CP-8022SICAM A8000 CP-8021SICAM A8000 CP-8000
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-36749
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.4||HIGH
EPSS-0.08% / 25.11%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 09:07
Updated-27 Nov, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000reruggedcom_rox_rx1511ruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512ruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1500_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000ruggedcom_rox_rx1501ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1524ruggedcom_rox_rx1536_firmwareruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareRUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1501RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1512ruggedcom_rox_mx5000reruggedcom_rox_rx1524ruggedcom_rox_rx1400ruggedcom_rox_rx1501ruggedcom_rox_rx1500ruggedcom_rox_rx1511ruggedcom_rox_rx5000ruggedcom_rox_rx1512ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1510
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-41223
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:35
Updated-08 Jul, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected devices support the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite, which uses CBC (Cipher Block Chaining) mode that is known to be vulnerable to timing attacks. This could allow an attacker to compromise the integrity and confidentiality of encrypted communications.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RS900G (32M) V4.XRUGGEDCOM RS910WRUGGEDCOM RSG2288 V4.XRUGGEDCOM M2100RUGGEDCOM RSG2288 V5.XRUGGEDCOM RS400RUGGEDCOM RS8000RUGGEDCOM RS1600TRUGGEDCOM RSG910CRUGGEDCOM RS8000HRUGGEDCOM RST916CRUGGEDCOM i800RUGGEDCOM RS900LRUGGEDCOM RST916PRUGGEDCOM RSG920P V4.XRUGGEDCOM RS900M-GETS-C01RUGGEDCOM RSG2200RUGGEDCOM RS930WRUGGEDCOM RMC8388 V5.XRUGGEDCOM i802RUGGEDCOM RP110RUGGEDCOM RS416PRUGGEDCOM M969RUGGEDCOM RSG909RRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS920LRUGGEDCOM i803RUGGEDCOM RSG2300 V4.XRUGGEDCOM RMC8388 V4.XRUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RSG2100P (32M) V4.XRUGGEDCOM RS900M-GETS-XXRUGGEDCOM RS910LRUGGEDCOM RS1600FRUGGEDCOM RS416v2 V4.XRUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RST2228PRUGGEDCOM RSG2300P V4.XRUGGEDCOM RS1600RUGGEDCOM RSG920P V5.XRUGGEDCOM RS900WRUGGEDCOM M2200RUGGEDCOM RS8000TRUGGEDCOM i801RUGGEDCOM RS930LRUGGEDCOM RSG2100RUGGEDCOM RS900GRUGGEDCOM RS900GPRUGGEDCOM RSG2488 V4.XRUGGEDCOM RSL910RUGGEDCOM RS940GRUGGEDCOM RST2228RUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RS900RUGGEDCOM RS416RUGGEDCOM RS900M-STND-C01RUGGEDCOM RS900M-STND-XXRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS910RUGGEDCOM RSG908CRUGGEDCOM RMC30RUGGEDCOM RSG2300 V5.XRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RS969RUGGEDCOM RSG907RRUGGEDCOM RSG2488 V5.XRUGGEDCOM RS8000ARUGGEDCOM RS920WRUGGEDCOM RSG2100PRUGGEDCOM RS401
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-18340
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0), Control Center Server (CCS) (All versions >= V1.5.0), SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0). Both the SiVMS/SiNVR Video Server and the Control Center Server (CCS) store user and device passwords by applying weak cryptography. A local attacker could exploit this vulnerability to extract the passwords from the user database and/or the device configuration files to conduct further attacks.

Action-Not Available
Vendor-Siemens AG
Product-sinvr_3_video_serversinvr_3_central_control_serverControl Center Server (CCS)SiNVR/SiVMS Video Server
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-46140
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.

Action-Not Available
Vendor-Siemens AG
Product-scalance_xb205-3ldscalance_xb216_firmwarescalance_xp216_firmwarescalance_xr324wg_firmwarescalance_xc224-4c_g_firmwarescalance_w1788-2_m12scalance_w786-1_rj45_firmwarescalance_wam766-1scalance_xr324wgscalance_m826-2_shdsl-routerscalance_wam766-1_ecc_firmwarescalance_xr524-8c_firmwarescalance_w748-1_m12_firmwarescalance_w738-1_m12scalance_sc646-2cscalance_m804pb_firmwarescalance_xp216eec_firmwarescalance_w774-1_rj45scalance_sc636-2cscalance_xc208_eecscalance_w788-2_m12_eecscalance_xc206-2sfp_eecscalance_m812-1_adsl-router_firmwarescalance_xc224-4c_g_eecscalance_wam766-1_eccscalance_xp208eecscalance_w778-1_m12scalance_xb205-3ruggedcom_rm1224_lte\(4g\)_eu_firmwarescalance_wum766-1_6ghz_firmwarescalance_xc206-2sfp_g_firmwarescalance_xc216eec_firmwarescalance_xr528-6m_firmwarescalance_w1748-1_m12scalance_m804pbscalance_xc224_firmwarescalance_mum856-1scalance_m874-3scalance_xm416-4c_firmwarescalance_xc206-2sfp_gscalance_xf204-2bca_dnascalance_xm416-4cscalance_xp216scalance_w1788-1_m12_firmwaresiplus_net_scalance_xc208scalance_wam763-1scalance_xf204_dna_firmwarescalance_xp216poe_eec_firmwarescalance_xc206-2g_poe_eecscalance_w1788-1_m12scalance_xb213-3_firmwarescalance_w721-1_rj45scalance_sc632-2cscalance_wum763-1scalance_m874-3_firmwarescalance_xc216-4c_gscalance_w738-1_m12_firmwarescalance_wum766-1scalance_xc206-2g_poescalance_w761-1_rj45_firmwarescalance_s615_eecscalance_xc216-4c_firmwarescalance_xc216-4c_g_firmwarescalance_xm408-8c_firmwarescalance_xp208poe_eecscalance_w788-2_m12_eec_firmwarescalance_w761-1_rj45siplus_net_scalance_xc206-2sfpscalance_xc216-3g_poe_firmwarescalance_xb213-3ldscalance_xc224-4c_g_eec_firmwarescalance_xr524-8cscalance_m816-1_adsl-routerscalance_xc208_poe_firmwarescalance_w722-1_rj45_firmwarescalance_xf204siplus_net_scalance_xc206-2_firmwarescalance_s615_eec_firmwarescalance_sc626-2cscalance_xc206-2sfp_g_eecscalance_w786-2_rj45scalance_xb213-3scalance_xr326-2c_poe_firmwarescalance_xr328-4c_wgscalance_xc206-2_firmwarescalance_w1788-2_eec_m12_firmwarescalance_s615siplus_net_scalance_xc216-4cscalance_xc208_firmwarescalance_xc208scalance_m874-2_firmwarescalance_xc224scalance_w1788-2ia_m12scalance_xf204-2bca_dna_firmwarescalance_xc224-4c_gscalance_xr552-12m_firmwarescalance_xb208scalance_xc216-4c_g_eecscalance_xc206-2sfp_g_eec_firmwaresiplus_net_scalance_xc206-2scalance_m874-2scalance_sc646-2c_firmwarescalance_sc642-2c_firmwarescalance_xp216poe_eecscalance_w734-1_rj45_firmwarescalance_xc206-2sfp_firmwarescalance_w786-2_sfpruggedcom_rm1224_lte\(4g\)_euscalance_w774-1_m12_rj45_firmwarescalance_wum763-1_firmwarescalance_m812-1_adsl-routerscalance_xp208poe_eec_firmwarescalance_xc206-2g_poe_eec_firmwaresiplus_net_scalance_xc206-2sfp_firmwarescalance_xc216-4cscalance_wum766-1_firmwarescalance_xr326-2c_poescalance_xr328-4c_wg_firmwarescalance_xr552-12mruggedcom_rm1224_lte\(4g\)_namsiplus_net_scalance_xc208_firmwarescalance_sc626-2c_firmwarescalance_sc632-2c_firmwarescalance_xf204-2ba_firmwarescalance_w786-2_rj45_firmwarescalance_w778-1_m12_firmwarescalance_xm408-4c_firmwarescalance_xr526-8c_firmwarescalance_w778-1_m12_eec_firmwarescalance_w734-1_rj45scalance_xb208_firmwarescalance_xc206-2sfpscalance_xb205-3_firmwarescalance_xc206-2g_poe_firmwarescalance_xr528-6mscalance_w1788-2_m12_firmwarescalance_w1748-1_m12_firmwarescalance_w788-2_m12scalance_m816-1_adsl-router_firmwarescalance_sc636-2c_firmwaresiplus_net_scalance_xc216-4c_firmwarescalance_s615_firmwarescalance_wam766-1_6ghz_firmwarescalance_xb205-3ld_firmwareruggedcom_rm1224_lte\(4g\)_nam_firmwarescalance_m876-3scalance_mum853-1_firmwarescalance_w774-1_m12_rj45scalance_w1788-2_eec_m12scalance_sc622-2cscalance_wam766-1_firmwarescalance_w788-1_m12scalance_wam763-1_firmwarescalance_xp208_firmwarescalance_w774-1_m12_eecscalance_xb213-3ld_firmwarescalance_xc216-4c_g_eec_firmwarescalance_w774-1_m12_eec_firmwarescalance_wam766-1_6ghzscalance_xc216scalance_xc208_poescalance_xb216scalance_m876-3_firmwarescalance_mum853-1scalance_w748-1_m12scalance_w774-1_rj45_firmwarescalance_xp208scalance_xr526-8cscalance_xf204-2bascalance_m826-2_shdsl-router_firmwarescalance_w1788-2ia_m12_firmwarescalance_xc206-2sfp_eec_firmwarescalance_xm408-8cscalance_xp208eec_firmwarescalance_xp216eecscalance_w721-1_rj45_firmwarescalance_w786-2_sfp_firmwarescalance_m876-4scalance_xf204_dnascalance_m876-4_firmwarescalance_xc208_eec_firmwarescalance_w778-1_m12_eecscalance_w788-2_m12_firmwarescalance_w786-2ia_rj45scalance_xc216_firmwarescalance_sc622-2c_firmwarescalance_xm408-4cscalance_xr326-2c_firmwarescalance_xr326-2cscalance_sc642-2cscalance_w788-1_rj45_firmwarescalance_xc206-2scalance_xf204_firmwarescalance_w788-1_m12_firmwarescalance_w786-2ia_rj45_firmwarescalance_xc216-3g_poescalance_xc216eecscalance_mum856-1_firmwarescalance_w722-1_rj45scalance_wum766-1_6ghzscalance_w786-1_rj45scalance_w788-1_rj45SCALANCE W774-1 RJ45SCALANCE M876-4 (NAM)SCALANCE W1788-2IA M12SCALANCE XB213-3 (ST, E/IP)SCALANCE XR524-8C, 24VSCALANCE XB213-3 (ST, PN)SCALANCE XC216EECRUGGEDCOM RM1224 LTE(4G) NAMSCALANCE XB205-3 (ST, PN)SCALANCE XC208SCALANCE XB213-3LD (SC, PN)SCALANCE XC206-2G PoESCALANCE XR328-4C WG (28xGE, DC 24V)SCALANCE XB205-3LD (SC, PN)SCALANCE M876-3SCALANCE W734-1 RJ45 (USA)SCALANCE MUM856-1 (RoW)SCALANCE XR324WG (24 X FE, DC 24V)SCALANCE XR528-6M (2HR2)SCALANCE XR528-6M (L3 int.)SCALANCE XB216 (E/IP)SCALANCE XC216-4CSCALANCE XB208 (E/IP)SCALANCE XR324WG (24 x FE, AC 230V)SCALANCE XC206-2 (SC)SCALANCE W778-1 M12 EECSCALANCE XR524-8C, 1x230VSCALANCE W788-1 M12SCALANCE XP208SCALANCE XR552-12M (2HR2)SCALANCE S615 EEC LAN-RouterSCALANCE XF204-2BA DNASCALANCE XB205-3LD (SC, E/IP)SCALANCE XF204-2BASCALANCE WUM763-1SIPLUS NET SCALANCE XC216-4CSCALANCE W788-2 M12 EECSCALANCE W786-2 RJ45SCALANCE XB213-3 (SC, PN)SCALANCE W1788-2 EEC M12SCALANCE XC206-2SFPSCALANCE XP216POE EECSCALANCE XM408-4C (L3 int.)SCALANCE W1788-2 M12SCALANCE W786-1 RJ45SCALANCE XP208EECSCALANCE MUM856-1 (EU)SCALANCE WAM766-1 (US)SCALANCE SC646-2CSCALANCE M826-2 SHDSL-RouterSCALANCE W786-2 SFPSCALANCE WUM766-1SCALANCE XR524-8C, 24V (L3 int.)SCALANCE XR552-12M (2HR2, L3 int.)SCALANCE XC206-2 (ST/BFOC)SCALANCE W722-1 RJ45SCALANCE S615 LAN-RouterSCALANCE XM416-4CSCALANCE W788-1 RJ45SCALANCE XR526-8C, 24V (L3 int.)SCALANCE XR528-6MSCALANCE XR528-6M (2HR2, L3 int.)SCALANCE XC216-4C GSCALANCE M874-2SCALANCE XR526-8C, 2x230VSCALANCE W1748-1 M12SCALANCE XP216 (Ethernet/IP)SCALANCE W774-1 M12 EECSCALANCE WAM766-1 EECSCALANCE XR328-4C WG (24xFE,4xGE,AC230V)SCALANCE XC224-4C GSCALANCE XC208G PoE (54 V DC)SCALANCE XC206-2G PoE EEC (54 V DC)SCALANCE XP208 (Ethernet/IP)SCALANCE M876-3 (ROK)SCALANCE XB216 (PN)SCALANCE XC216-4C G (EIP Def.)SCALANCE M876-4SCALANCE XR526-8C, 24VSCALANCE W734-1 RJ45SCALANCE SC636-2CSCALANCE W788-2 RJ45SCALANCE XM408-4CSCALANCE XC208G PoESCALANCE XR524-8C, 1x230V (L3 int.)SCALANCE W778-1 M12SCALANCE W748-1 RJ45SCALANCE XM408-8C (L3 int.)SCALANCE XB213-3LD (SC, E/IP)SCALANCE XC216SCALANCE XC208G EECSCALANCE XC208G (EIP def.)SCALANCE XC208GSCALANCE XR526-8C, 2x230V (L3 int.)SCALANCE XP216EECSCALANCE XC206-2G PoE (54 V DC)SCALANCE XM416-4C (L3 int.)RUGGEDCOM RM1224 LTE(4G) EUSCALANCE XC206-2SFP GSCALANCE W774-1 RJ45 (USA)SCALANCE MUM853-1 (EU)SCALANCE WAM766-1SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)SCALANCE W778-1 M12 EEC (USA)SCALANCE W1788-1 M12SCALANCE W738-1 M12SCALANCE M876-4 (EU)SCALANCE XR524-8C, 2x230VSCALANCE XR526-8C, 1x230V (L3 int.)SCALANCE M804PBSCALANCE XC216-3G PoE (54 V DC)SCALANCE XR326-2C PoE WG (without UL)SCALANCE XB205-3 (SC, PN)SCALANCE WUM766-1 (USA)SCALANCE XC206-2SFP EECSCALANCE W721-1 RJ45SCALANCE XC206-2SFP G (EIP DEF.)SCALANCE SC632-2CSCALANCE XP208PoE EECSCALANCE W786-2IA RJ45SCALANCE XF204SCALANCE XF204 DNASCALANCE XB213-3 (SC, E/IP)SCALANCE XR524-8C, 2x230V (L3 int.)SCALANCE XB208 (PN)SCALANCE XC224SCALANCE XR326-2C PoE WGSCALANCE M874-3SCALANCE XB205-3 (ST, E/IP)SCALANCE XC208EECSCALANCE WAM763-1SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)SIPLUS NET SCALANCE XC206-2SCALANCE XM408-8CSCALANCE W748-1 M12SCALANCE SC642-2CSCALANCE XR552-12MSCALANCE XR526-8C, 1x230VSCALANCE XR328-4C WG (28xGE, AC 230V)SIPLUS NET SCALANCE XC208SCALANCE M812-1 ADSL-RouterSCALANCE XC206-2SFP G EECSCALANCE XC224-4C G EECSCALANCE WAM766-1 EEC (US)SCALANCE W761-1 RJ45SCALANCE XC216-3G PoESCALANCE M816-1 ADSL-RouterSCALANCE XC216-4C G EECSIPLUS NET SCALANCE XC206-2SFPSCALANCE XP216SCALANCE XC224-4C G (EIP Def.)SCALANCE SC622-2CSCALANCE SC626-2CSCALANCE W788-2 M12
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-10929
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.59%
||
7 Day CHG~0.00%
Published-13 Aug, 2019 | 18:55
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1). Affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.

Action-Not Available
Vendor-Siemens AG
Product-simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmwaresimatic_s7-1200_cpu_1214csimatic_winccsimatic_s7-1500_cpu_1511csimatic_wincc_open_architecturesimatic_s7-1200_cpu_1212csimatic_s7-1500simatic_cp_1626simatic_wincc_runtimesimatic_tim_1531_irc_firmwaresimatic_s7-1500_cpu_1511c_firmwaresimatic_s7-1200_cpu_1217csimatic_hmi_panel_firmwaresimatic_s7-1500_cpu_1512c_firmwaresimatic_s7-1200_cpu_1215c_firmwaresimatic_hmi_panelsimatic_step_7simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_tim_1531_ircsimatic_s7-1200_cpu_1215csimatic_s7-1200_cpu_1211csimatic_s7-1500_cpu_1518simatic_et_200sp_open_controller_cpu_1515sp_pc_firmwaresimatic_net_pcsimatic_s7-1500_cpu_1512csimatic_cp_1626_firmwaresimatic_s7-1200_cpu_1214c_firmwaresimatic_s7-plcsim_advancedsimatic_s7-1500_cpu_1518_firmwaresimatic_et_200sp_open_controller_cpu_1515sp_pcsimatic_s7-1200_cpu_1211c_firmwaresimatic_et_200sp_open_controller_cpu_1515sp_pc2SIMATIC NET PC Software V14SIMATIC WinCC Runtime AdvancedSIMATIC NET PC Software V15TIM 1531 IRC (incl. SIPLUS NET variants)SIMATIC WinCC OASIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)SIMATIC S7-1200 CPU family (incl. SIPLUS variants)SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)SIMATIC CP 1626SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIMATIC STEP 7 (TIA Portal)SIMATIC HMI Panel (incl. SIPLUS variants)SIMATIC S7-1500 Software ControllerSIMATIC WinCC (TIA Portal)SIMATIC WinCC Runtime ProfessionalSIMATIC S7-PLCSIM Advanced
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2024-41986
Matching Score-6
Assigner-Siemens
ShareView Details
Matching Score-6
Assigner-Siemens
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:16
Updated-12 Aug, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.

Action-Not Available
Vendor-Siemens AG
Product-SmartClient modules Opcenter QL Home (SC)SOA CockpitSOA Audit
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34310
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 17:46
Updated-24 Apr, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelcics_txCICS TX StandardCICS TX Advanced
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-22170
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 20.68%
||
7 Day CHG~0.00%
Published-06 Dec, 2021 | 17:35
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-16208
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.55%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 17:03
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Password-based encryption (PBE) algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services (Radius, TACAS, etc.).

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_sannavBrocade SANnav
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34444
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 24.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 20:38
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34319
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 17:23
Updated-29 Apr, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229463.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34309
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.89%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 19:06
Updated-03 Aug, 2024 | 09:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM CICS TX information disclosure

IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229440.

Action-Not Available
Vendor-IBM Corporation
Product-cics_txCICS TX AdvancedCICS TX Standard
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-34361
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 6.62%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 17:52
Updated-23 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling Secure Proxy information disclosure

IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 230522.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kernelsterling_secure_proxylinux_on_ibm_zwindowsaixSterling Secure Proxy
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20419
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.45%
||
7 Day CHG~0.00%
Published-24 May, 2021 | 13:55
Updated-16 Sep, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-5627
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 15:04
Updated-05 Sep, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Implementation of Authentication Algorithm Vulnerability

A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_6610-32_firmwarenport_6650-32-hv-t_firmwarenport_6450_firmwarenport_6650-8_firmwarenport_6650-16-t_firmwarenport_6250-s-sc_firmwarenport_6150nport_6610-8-48vnport_6650-16-hv-tnport_6650-32-hv-tnport_6650-8-tnport_6250nport_6610-16_firmwarenport_6450-t_firmwarenport_6250_firmwarenport_6610-16-48vnport_6150_firmwarenport_6250-s-sc-tnport_6650-8-hv-tnport_6250-m-sc-t_firmwarenport_6650-16-tnport_6650-32-48v_firmwarenport_6650-32-48vnport_6450nport_6610-8_firmwarenport_6610-32-48v_firmwarenport_6650-16-hv-t_firmwarenport_6450-tnport_6150-t_firmwarenport_6250-tnport_6250-s-sc-t_firmwarenport_6250-s-scnport_6610-32-48vnport_6610-32nport_6250-t_firmwarenport_6650-8-48vnport_6650-8-hv-t_firmwarenport_6610-16-48v_firmwarenport_6650-16-48v_firmwarenport_6250-m-sc_firmwarenport_6610-8nport_6150-tnport_6650-16nport_6650-8nport_6650-16_firmwarenport_6610-16nport_6650-32_firmwarenport_6650-8-48v_firmwarenport_6650-8-t_firmwarenport_6650-16-48vnport_6650-32nport_6250-m-sc-tnport_6610-8-48v_firmwarenport_6250-m-scNPort 6000 Seriesnport_6000
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CWE ID-CWE-257
Storing Passwords in a Recoverable Format
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-287
Improper Authentication
CVE-2024-32852
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 46.32%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 06:57
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data leaks.

Action-Not Available
Vendor-Dell Inc.
Product-powerscale_onefsPowerScale OneFSpowerscale_onefs
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50937
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:10
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275117.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-33160
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.03% / 7.50%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 21:09
Updated-19 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Directory Suite information disclosure

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.

Action-Not Available
Vendor-IBM Corporation
Product-security_directory_suite_vaSecurity Directory Suite
CWE ID-CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-20566
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.87%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 16:15
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238.

Action-Not Available
Vendor-Red Hat, Inc.IBM Corporation
Product-resilient_security_orchestration_automation_and_responselinuxResilient SOAR
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-9491
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.83% / 85.62%
||
7 Day CHG~0.00%
Published-01 Oct, 2020 | 19:57
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-nifiApache NiFi
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-28622
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 18:51
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-storeonce_3640_firmwarestoreonce_3640HPE StoreOnce Software
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-9528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-10 Aug, 2020 | 15:25
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.

Action-Not Available
Vendor-hichipn/a
Product-shenzhen_hichip_vision_technology_firmwaren/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2025-8260
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 06:02
Updated-31 Jul, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vaelsys MD4 Hash vgrid_server.php weak hash

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-vaelsysn/a
Product-vaelsysVaelsys
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-328
Use of Weak Hash
CVE-2022-28382
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.10%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.

Action-Not Available
Vendor-verbatimn/a
Product-executive_fingerprint_secure_ssd_firmwarekeypad_secure_usb_3.2_gen_1_firmwarestore_\'n\'_go_secure_portable_hdd_firmwarekeypad_secure_usb_3.2_gen_1fingerprint_secure_portable_hard_drive_firmwarestore_\'n\'_go_secure_portable_hddfingerprint_secure_portable_hard_driveexecutive_fingerprint_secure_ssdn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-28166
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.76%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 17:51
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-sannavBrocade SANnav
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-6984
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:41
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic function utilized to protect the password in MicroLogix is discoverable.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-micrologix_1400_a_firmwaremicrologix_1100rslogix_500micrologix_1100_firmwaremicrologix_1400micrologix_1400_b_firmwareRockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-29249
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.71%
||
7 Day CHG~0.00%
Published-24 May, 2022 | 15:15
Updated-23 Apr, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reversible One-Way Hash and Use of a Broken or Risky Cryptographic Algorithm in io.github.javaezlib.JavaEZ

JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.

Action-Not Available
Vendor-javaez_projectJavaEZLib
Product-javaezJavaEZ
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-328
Use of Weak Hash
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2020-6987
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.94%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:00
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-pt-7828-r-24pt-7528-12msc-12tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wv_firmwarept-7528-16msc-8tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-hv_firmwarept-7528-8ssc-16tx-4gsfp-hv-hv_firmwarept-7528-12mst-12tx-4gsfp-hv-hvpt-7528-8mst-16tx-4gsfp-hv-hv_firmwarept-7828-r-24-24pt-7528-12msc-12tx-4gsfp-hvpt-7528-8msc-16tx-4gsfp-wv-wvpt-7528-12mst-12tx-4gsfp-hvpt-7828-f-hv-hv_firmwarept-7528-20msc-4tx-4gsfp-wvpt-7528-16mst-8tx-4gsfp-wvpt-7528-12msc-12tx-4gsfp-wv_firmwarept-7828-r-24-24_firmwarept-7528-20msc-4tx-4gsfp-wv-wvpt-7828-r-hv-hv_firmwarept-7528-20mst-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hv_firmwarept-7528-12msc-12tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wv_firmwarept-7528-20mst-4tx-4gsfp-wv-wvpt-7528-8msc-16tx-4gsfp-hv_firmwarept-7828-f-24-hv_firmwarept-7828-f-48-hvpt-7828-r-48-hv_firmwarept-7828-f-24-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hv_firmwarept-7528-8mst-16tx-4gsfp-wv-wvpt-7828-f-48-hv_firmwarept-7528-16msc-8tx-4gsfp-wvpt-7528-8ssc-16tx-4gsfp-wv-wvpt-7528-24tx-wv-wv_firmwarept-7528-20msc-4tx-4gsfp-wv_firmwarept-7828-r-24-hvpt-7828-f-hv-hvpt-7828-r-48-48_firmwarept-7828-f-hv_firmwarept-7528-24tx-wv-hvpt-7528-24tx-wv_firmwarept-7528-12msc-12tx-4gsfp-hv-hvpt-7528-24tx-wvpt-7528-16msc-8tx-4gsfp-wv_firmwarept-7828-r-48_firmwarept-7828-r-hv-hvpt-7528-16msc-8tx-4gsfp-wv-wvpt-7828-f-48_firmwarept-7528-8ssc-16tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-wv-wv_firmwarept-7828-r-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hv_firmwarept-7528-8ssc-16tx-4gsfp-wv-wv_firmwarept-7828-f-24pt-7528-24tx-wv-hv_firmwarept-7528-8mst-16tx-4gsfp-hvpt-7528-24tx-hv-hv_firmwarept-7528-16mst-8tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv-hv_firmwarept-7828-f-24_firmwarept-7528-8msc-16tx-4gsfp-hv-hvpt-7828-r-48pt-7528-16mst-8tx-4gsfp-wv-wv_firmwarept-7528-12msc-12tx-4gsfp-hv_firmwarept-7528-16msc-8tx-4gsfp-hv-hv_firmwarept-7528-8msc-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-hv-hv_firmwarept-7828-r-24-hv_firmwarept-7828-r-48-48pt-7528-20msc-4tx-4gsfp-hv_firmwarept-7528-8mst-16tx-4gsfp-wvpt-7528-20msc-4tx-4gsfp-wv-wv_firmwarept-7828-r-hvpt-7528-8mst-16tx-4gsfp-wv_firmwarept-7828-f-48-48_firmwarept-7828-r-48-hvpt-7528-20msc-4tx-4gsfp-hv-hvpt-7528-8msc-16tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv_firmwarept-7528-12mst-12tx-4gsfp-wv_firmwarept-7528-12msc-12tx-4gsfp-wv-wvpt-7528-24tx-hv_firmwarept-7528-20mst-4tx-4gsfp-wv_firmwarept-7528-8msc-16tx-4gsfp-hvpt-7828-f-48-48pt-7528-16msc-8tx-4gsfp-wv-wv_firmwarept-7528-16mst-8tx-4gsfp-wv-wvpt-7528-8mst-16tx-4gsfp-hv-hvpt-7528-16mst-8tx-4gsfp-hv_firmwarept-7528-12mst-12tx-4gsfp-wv-wvpt-7528-20msc-4tx-4gsfp-hvpt-7528-16msc-8tx-4gsfp-hvpt-7528-24tx-wv-wvpt-7528-16mst-8tx-4gsfp-hvpt-7828-r-24_firmwarept-7528-20mst-4tx-4gsfp-hv_firmwarept-7528-20mst-4tx-4gsfp-hv-hvpt-7528-12mst-12tx-4gsfp-hv-hv_firmwarept-7528-24tx-hvpt-7528-8msc-16tx-4gsfp-wv_firmwarept-7828-f-hvpt-7528-24tx-hv-hvpt-7528-20mst-4tx-4gsfp-wvpt-7828-f-24-hvpt-7528-12mst-12tx-4gsfp-wvpt-7828-f-48pt-7528-12msc-12tx-4gsfp-wvpt-7828-f-24-24Moxa PT-7528 series firmware, Version 4.0 or lower, PT-7828 series firmware, Version 3.9 or lower
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-7511
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 19:45
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

Action-Not Available
Vendor-n/a
Product-easergy_t300easergy_t300_firmwareEasergy T300 (Firmware version 1.5.2 and older)
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js.

Action-Not Available
Vendor-blinksocksn/a
Product-blinksocksn/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-24296
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.95%
||
7 Day CHG~0.00%
Published-08 Jun, 2022 | 14:11
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-ae-200a_firmwareae-50agb-50aae-200ete-200atw-50aae-50jag-150a-j_firmwareae-50eae-50j_firmwareeb-50gu-aae-50a_firmwareew-50jeb-50gu-j_firmwarete-200a_firmwaregb-50a_firmwareew-50e_firmwarete-50a_firmwaregb-50ada-jtw-50a_firmwareae-200e_firmwareew-50aeb-50gu-jag-150a-a_firmwareew-50a_firmwareae-200j_firmwareew-50eeb-50gu-a_firmwaregb-50ada-a_firmwareg-150adae-200ate-50aag-150a-jg-150ad_firmwareag-150a-agb-50ada-j_firmwareae-50e_firmwareew-50j_firmwaregb-50ada-aae-200jAir Conditioning System G-150AD; Air Conditioning System AG-150A-A; Air Conditioning System AG-150A-J; Air Conditioning System GB-50AD; Air Conditioning System GB-50ADA-A; Air Conditioning System GB-50ADA-J; Air Conditioning System EB-50GU-A; Air Conditioning System EB-50GU-J; Air Conditioning System AE-200J; Air Conditioning System AE-200A; Air Conditioning System AE-200E; Air Conditioning System AE-50J; Air Conditioning System AE-50A; Air Conditioning System AE-50E; Air Conditioning System EW-50J; Air Conditioning System EW-50A; Air Conditioning System EW-50E; Air Conditioning System TE-200A; Air Conditioning System TE-50A; Air Conditioning System TW-50A
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-49259
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-7.5||HIGH
EPSS-0.04% / 13.03%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 14:25
Updated-20 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bruteforcing authentication cookie for a given user

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

Action-Not Available
Vendor-hongdianHongdian
Product-h8951-4g-esph8951-4g-esp_firmwareH8951-4G-ESP
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-341
Predictable from Observable State
CVE-2023-51838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.74%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.

Action-Not Available
Vendor-meshcentraln/a
Product-meshcentraln/a
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-50939
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-01 Feb, 2024 | 23:53
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129.

Action-Not Available
Vendor-IBM Corporation
Product-powerscPowerSCpowersc
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4613
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-22 Sep, 2020 | 13:55
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.

Action-Not Available
Vendor-IBM Corporation
Product-data_risk_managerData Risk Manager
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4379
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4254
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:40
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_big_data_intelligenceSecurity Guardium Big Data Intelligence
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4596
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 18:10
Updated-17 Sep, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-security_guardium_insightslinux_kernelSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4174
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4349
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-27 May, 2020 | 13:15
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4874
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.25%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 16:47
Updated-07 Jan, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controller
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4452
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-29 Jun, 2020 | 13:30
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2020-4898
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-07 Jan, 2021 | 17:40
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190989.

Action-Not Available
Vendor-IBM Corporation
Product-emptoris_strategic_supply_managementEmptoris Strategic Supply Management
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2022-22559
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.15% / 36.26%
||
7 Day CHG~0.00%
Published-12 Apr, 2022 | 17:50
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found