Common Weakness Enumeration

CWE-1188

Allowed

Initialization of a Resource with an Insecure Default

Abstraction: Base · Status: Incomplete

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

402 vulnerabilities reference this CWE, most recent first.

GHSA-76FV-M4GP-Q47J

Vulnerability from github – Published: 2025-03-25 06:30 – Updated: 2025-03-25 18:30
VLAI
Details

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-25T06:15:41Z",
    "severity": "MODERATE"
  },
  "details": "Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.",
  "id": "GHSA-76fv-m4gp-q47j",
  "modified": "2025-03-25T18:30:54Z",
  "published": "2025-03-25T06:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27809"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mbed-TLS/mbedtls/issues/466"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Mbed-TLS/mbedtls/releases"
    },
    {
      "type": "WEB",
      "url": "https://mastodon.social/@bagder/114219540623402700"
    },
    {
      "type": "WEB",
      "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-76H5-VM7X-9F4C

Vulnerability from github – Published: 2026-03-31 18:31 – Updated: 2026-03-31 18:31
VLAI
Details

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-31T17:16:29Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.",
  "id": "GHSA-76h5-vm7x-9f4c",
  "modified": "2026-03-31T18:31:31Z",
  "published": "2026-03-31T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7754-V5C4-C9PG

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-05-24 17:20
VLAI
Details

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-15T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless \"Built-in admin\" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.",
  "id": "GHSA-7754-v5c4-c9pg",
  "modified": "2022-05-24T17:20:30Z",
  "published": "2022-05-24T17:20:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14011"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/EUkMx94X"
    },
    {
      "type": "WEB",
      "url": "https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-778M-X6M8-V6H8

Vulnerability from github – Published: 2025-12-12 06:31 – Updated: 2025-12-12 06:31
VLAI
Details

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-12T05:16:11Z",
    "severity": "MODERATE"
  },
  "details": "In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, \"External page display restriction\" is set to \"Do not limit\" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.",
  "id": "GHSA-778m-x6m8-v6h8",
  "modified": "2025-12-12T06:31:14Z",
  "published": "2025-12-12T06:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64781"
    },
    {
      "type": "WEB",
      "url": "https://groupsession.jp/info/info-news/security20251208"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN19940619"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7844-V3MR-C966

Vulnerability from github – Published: 2022-05-24 17:04 – Updated: 2023-02-01 18:30
VLAI
Details

A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-19340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-19T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with \u0027-e rabbitmq_enable_manager=true\u0027 exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.",
  "id": "GHSA-7844-v3mr-c966",
  "modified": "2023-02-01T18:30:23Z",
  "published": "2022-05-24T17:04:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19340"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19340"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7853-GQQM-VCWX

Vulnerability from github – Published: 2026-04-08 00:16 – Updated: 2026-04-08 00:16
VLAI
Summary
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does not restrict available tools
Details

Affected

openclaw-claude-bridge v1.1.0

Issue

v1.1.0 spawns the Claude Code CLI subprocess with --allowed-tools "" and the release notes + README claim this "disables all CLI tools" for sandboxing. This claim is incorrect.

Per the Claude Code CLI documentation, --allowed-tools (alias --allowedTools) is an auto-approve allowlist of tools that execute without permission prompts — NOT a restriction on which tools are available. The correct flag to restrict the available tool set is --tools:

--tools <tools...> Specify the list of available tools from the built-in set. Use "" to disable all tools, "default" to use all tools, or specify tool names (e.g. "Bash,Edit,Read").

Impact

  • All CLI tools (Read/Write/Bash/WebFetch/...) remain nominally available to the spawned subprocess.
  • Actual execution behavior in --print non-interactive mode depends on undocumented CLI defaults (may auto-deny, may error out, may hang).
  • Users who deploy the bridge behind any interface that forwards untrusted prompts (e.g., publicly exposed OpenClaw gateway, automated pipelines with web-fetched context, agents that consume tool results from other systems) may be relying on a sandbox that does not exist.

The README explicitly makes a security claim the code does not uphold, creating a false sense of safety for downstream operators. If the underlying CLI behavior changes in a future version to auto-allow tools in --print mode, prompt-injection attacks could trigger arbitrary Read/Write/Bash operations in the gateway's process context.

Patches

Fixed in v1.1.1 (commit 8a296f5) by switching to --tools "". The environment variable was also renamed from CLAUDE_ALLOWED_TOOLS to CLAUDE_TOOLS to match the flag.

Workarounds

Setting CLAUDE_ALLOWED_TOOLS on v1.1.0 has no mitigating effect. Upgrade to v1.1.1 or manually edit dist/cli-bridge.js to replace --allowed-tools with --tools.

References

  • Fix: https://github.com/SeaL773/openclaw-claude-bridge/commit/8a296f5
  • v1.1.1 notes: https://github.com/SeaL773/openclaw-claude-bridge/releases/tag/v1.1.1
  • Claude Code CLI reference: https://docs.claude.com/en/docs/claude-code/cli-reference

Credit

Found during a second-round code review.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "openclaw-claude-bridge"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-39398"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188",
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-08T00:16:09Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Affected\n\nopenclaw-claude-bridge v1.1.0\n\n## Issue\n\nv1.1.0 spawns the Claude Code CLI subprocess with `--allowed-tools \"\"` and the release notes + README claim this **\"disables all CLI tools\"** for sandboxing. This claim is incorrect.\n\nPer the Claude Code CLI documentation, `--allowed-tools` (alias `--allowedTools`) is an **auto-approve allowlist** of tools that execute without permission prompts \u2014 NOT a restriction on which tools are available. The correct flag to restrict the available tool set is `--tools`:\n\n\u003e `--tools \u003ctools...\u003e`  Specify the list of available tools from the built-in set. **Use `\"\"` to disable all tools**, `\"default\"` to use all tools, or specify tool names (e.g. `\"Bash,Edit,Read\"`).\n\n## Impact\n\n- All CLI tools (Read/Write/Bash/WebFetch/...) remain nominally available to the spawned subprocess.\n- Actual execution behavior in `--print` non-interactive mode depends on undocumented CLI defaults (may auto-deny, may error out, may hang).\n- Users who deploy the bridge behind any interface that forwards untrusted prompts (e.g., publicly exposed OpenClaw gateway, automated pipelines with web-fetched context, agents that consume tool results from other systems) may be relying on a sandbox that does not exist.\n\nThe README explicitly makes a security claim the code does not uphold, creating a false sense of safety for downstream operators. If the underlying CLI behavior changes in a future version to auto-allow tools in `--print` mode, prompt-injection attacks could trigger arbitrary Read/Write/Bash operations in the gateway\u0027s process context.\n\n## Patches\n\nFixed in [v1.1.1](https://github.com/SeaL773/openclaw-claude-bridge/releases/tag/v1.1.1) (commit 8a296f5) by switching to `--tools \"\"`. The environment variable was also renamed from `CLAUDE_ALLOWED_TOOLS` to `CLAUDE_TOOLS` to match the flag.\n\n## Workarounds\n\nSetting `CLAUDE_ALLOWED_TOOLS` on v1.1.0 has no mitigating effect. Upgrade to v1.1.1 or manually edit `dist/cli-bridge.js` to replace `--allowed-tools` with `--tools`.\n\n## References\n\n- Fix: https://github.com/SeaL773/openclaw-claude-bridge/commit/8a296f5\n- v1.1.1 notes: https://github.com/SeaL773/openclaw-claude-bridge/releases/tag/v1.1.1\n- Claude Code CLI reference: https://docs.claude.com/en/docs/claude-code/cli-reference\n\n## Credit\n\nFound during a second-round code review.",
  "id": "GHSA-7853-gqqm-vcwx",
  "modified": "2026-04-08T00:16:09Z",
  "published": "2026-04-08T00:16:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/SeaL773/openclaw-claude-bridge/security/advisories/GHSA-7853-gqqm-vcwx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SeaL773/openclaw-claude-bridge/commit/8a296f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/SeaL773/openclaw-claude-bridge"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SeaL773/openclaw-claude-bridge/releases/tag/v1.1.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "openclaw-claude-bridge: sandbox is not effective - `--allowed-tools \"\"` does not restrict available tools"
}

GHSA-78GV-H544-MG8G

Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2024-04-04 00:23
VLAI
Details

doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-11618"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-30T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog\u0026action=index\u0026controller=blog action to /api/index.php.",
  "id": "GHSA-78gv-h544-mg8g",
  "modified": "2024-04-04T00:23:10Z",
  "published": "2022-05-24T16:44:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11618"
    },
    {
      "type": "WEB",
      "url": "https://github.com/itodaro/doorGets_cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-794F-5GFQ-XMMQ

Vulnerability from github – Published: 2024-09-03 15:30 – Updated: 2025-11-04 18:31
VLAI
Details

Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-03T13:15:05Z",
    "severity": "HIGH"
  },
  "details": "Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don\u0027t have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will This vulnerability affects Firefox \u003c 130, Firefox ESR \u003c 128.2, and Firefox ESR \u003c 115.15.",
  "id": "GHSA-794f-5gfq-xmmq",
  "modified": "2025-11-04T18:31:18Z",
  "published": "2024-09-03T15:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8383"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1908496"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-39"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-40"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-41"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-43"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2024-44"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-794X-8X6X-QPFC

Vulnerability from github – Published: 2025-07-04 21:30 – Updated: 2025-07-07 12:45
VLAI
Summary
Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint
Details

Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.zipkin:zipkin-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-53602"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-07T12:45:39Z",
    "nvd_published_at": "2025-07-04T21:15:23Z",
    "severity": "MODERATE"
  },
  "details": "Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.",
  "id": "GHSA-794x-8x6x-qpfc",
  "modified": "2025-07-07T12:45:39Z",
  "published": "2025-07-04T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53602"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openzipkin/zipkin/pull/3804"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openzipkin/zipkin/commit/3c7605dfdfab2dd341cf0ea121a56cefcd580d9e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openzipkin/zipkin"
    },
    {
      "type": "WEB",
      "url": "https://zipkin.io"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint"
}

GHSA-796C-7JW3-FWPP

Vulnerability from github – Published: 2022-06-25 00:01 – Updated: 2022-06-25 00:01
VLAI
Details

In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T08:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57 password protection is not enabled by default and there is no information or prompt to enable password protection at login in case no password is set at the controller.",
  "id": "GHSA-796c-7jw3-fwpp",
  "modified": "2022-06-25T00:01:01Z",
  "published": "2022-06-25T00:01:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31806"
    },
    {
      "type": "WEB",
      "url": "https://customers.codesys.com/index.php?eID=dumpFile\u0026t=f\u0026f=17140\u0026token=6aa2c5c4a8b83b8b09936fefed5b0b11f9d2cc6c\u0026download="
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-665: Exploitation of Thunderbolt Protection Flaws

An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.