Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

CVE-2025-1160 (GCVE-0-2025-1160)

Vulnerability from cvelistv5 – Published: 2025-02-10 22:31 – Updated: 2025-02-18 18:10
VLAI
Title
SourceCodester Employee Management System index.php default credentials
Summary
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
jmx0hxq (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1160",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T14:53:11.215673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T18:10:11.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Employee Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jmx0hxq (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in SourceCodester Employee Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei index.php. Dank der Manipulation des Arguments username/password mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T22:31:04.690Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-295064 | SourceCodester Employee Management System index.php default credentials",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.295064"
        },
        {
          "name": "VDB-295064 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.295064"
        },
        {
          "name": "Submit #493860 | SourceCodester Employee Management System 1.0 Use of Default Password",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.493860"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/jmx0hxq/0e9cde14b6e9190a7451cd72d7b23bfd"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.sourcecodester.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-02-10T09:09:20.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Employee Management System index.php default credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-1160",
    "datePublished": "2025-02-10T22:31:04.690Z",
    "dateReserved": "2025-02-10T08:04:17.261Z",
    "dateUpdated": "2025-02-18T18:10:11.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0482 (GCVE-0-2025-0482)

Vulnerability from cvelistv5 – Published: 2025-01-15 19:31 – Updated: 2025-01-15 20:19
VLAI
Title
Fanli2012 native-php-cms user_recoverpwd.php default credentials
Summary
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
LVZC (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0482",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T20:19:42.766996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T20:19:48.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Fanli2012/native-php-cms/issues/4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "native-php-cms",
          "vendor": "Fanli2012",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "LVZC (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
        },
        {
          "lang": "de",
          "value": "Es wurde eine kritische Schwachstelle in Fanli2012 native-php-cms 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /fladmin/user_recoverpwd.php. Durch das Beeinflussen mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-15T19:31:04.741Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-291927 | Fanli2012 native-php-cms user_recoverpwd.php default credentials",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.291927"
        },
        {
          "name": "VDB-291927 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.291927"
        },
        {
          "name": "Submit #475237 | Fanli2012 native-php-cms 1.0 logic vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.475237"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/Fanli2012/native-php-cms/issues/4"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/Fanli2012/native-php-cms/issues/4#issue-2769866348"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-01-15T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-01-15T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-01-15T13:49:50.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Fanli2012 native-php-cms user_recoverpwd.php default credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-0482",
    "datePublished": "2025-01-15T19:31:04.741Z",
    "dateReserved": "2025-01-15T12:43:31.701Z",
    "dateUpdated": "2025-01-15T20:19:48.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-54015 (GCVE-0-2024-54015)

Vulnerability from cvelistv5 – Published: 2025-02-11 10:28 – Updated: 2025-08-12 11:16
VLAI
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7ST85 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) V9.8x (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BD-2FO V9.8 (All versions < V9.83), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Siemens SIPROTEC 5 6MD84 (CP300) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD89 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MD89 (CP300) V9.6x Affected: 0 , < V9.68 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 6MU85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7KE85 (CP300) Affected: V8.80 , < V10.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SA87 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SD87 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ81 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SJ86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SK85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SL87 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SS85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST85 (CP300) Affected: V8.80 , < V10.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST85 (CP300) V9.6x Affected: 0 , < V9.68 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST86 (CP300) Affected: 0 , < V10.0 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7ST86 (CP300) V9.8x Affected: 0 , < V9.83 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SX82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SX85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7SY82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UM85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT82 (CP150) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT86 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7UT87 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VE85 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VK87 (CP300) Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 7VU85 (CP300) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6 Affected: 0 , < V9.68 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8 Affected: 0 , < V9.83 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) Affected: 0 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6 Affected: 0 , < V9.68 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8 Affected: 0 , < V9.83 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BD-2FO Affected: V8.80 , < V9.90 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BD-2FO V9.6 Affected: 0 , < V9.68 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Communication Module ETH-BD-2FO V9.8 Affected: 0 , < V9.83 (custom)
Create a notification for this product.
Siemens SIPROTEC 5 Compact 7SX800 (CP050) Affected: V9.50 , < V9.90 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-54015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T14:31:44.397617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T14:32:02.503Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD84 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300) V9.6x",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7KE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SS85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP300) V9.6x",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST86 (CP300) V9.8x",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SY82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UM85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VK87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BD-2FO",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V8.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BD-2FO V9.6",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Communication Module ETH-BD-2FO V9.8",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.83",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.90",
              "status": "affected",
              "version": "V9.50",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.90), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions \u003c V9.68), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V8.80 \u003c V10.0), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7ST85 (CP300) (All versions \u003e= V8.80 \u003c V10.0), SIPROTEC 5 7ST85 (CP300) V9.6x (All versions \u003c V9.68), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V10.0), SIPROTEC 5 7ST86 (CP300) V9.8x (All versions \u003c V9.83), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SX85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6 (All versions \u003c V9.68), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8 (All versions \u003c V9.83), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6 (All versions \u003c V9.68), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8 (All versions \u003c V9.83), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO V9.6 (All versions \u003c V9.68), SIPROTEC 5 Communication Module ETH-BD-2FO V9.8 (All versions \u003c V9.83), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003e= V9.50 \u003c V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T11:16:51.928Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-767615.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-54015",
    "datePublished": "2025-02-11T10:28:58.684Z",
    "dateReserved": "2024-11-27T09:14:02.059Z",
    "dateUpdated": "2025-08-12T11:16:51.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-46899 (GCVE-0-2024-46899)

Vulnerability from cvelistv5 – Published: 2025-04-22 04:12 – Updated: 2025-04-22 13:24
VLAI
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF
Summary
Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-46899",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T13:24:11.598018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T13:24:20.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center Common Services",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.0-04",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.0-04",
              "status": "affected",
              "version": "10.0.0-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center Analyzer viewpoint OVF",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.4-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.0-04",
              "status": "affected",
              "version": "10.0.0-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04.\u003c/p\u003e"
            }
          ],
          "value": "Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-22T04:12:56.387Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-111/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2025-111",
        "discovery": "UNKNOWN"
      },
      "title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2024-46899",
    "datePublished": "2025-04-22T04:12:56.387Z",
    "dateReserved": "2024-10-22T04:20:15.324Z",
    "dateUpdated": "2025-04-22T13:24:20.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45068 (GCVE-0-2024-45068)

Vulnerability from cvelistv5 – Published: 2024-12-03 02:32 – Updated: 2024-12-03 15:54
VLAI
Title
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA
Summary
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Hitachi Hitachi Ops Center Common Services Affected: 10.9.3-00 , < 11.0.3-00 (custom)
Create a notification for this product.
Hitachi Hitachi Ops Center OVA Affected: 10.9.3-00 , < 11.0.2-01 (custom)
Create a notification for this product.
hitachi ops_center_ova Affected: 10.9.3-00 , < 11.0.2-01 (custom)
    cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*
Create a notification for this product.
hitachi ops_center_common_services Affected: 10.9.3-00 , < 11.0.3-00 (custom)
    cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hitachi:ops_center_ova:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ops_center_ova",
            "vendor": "hitachi",
            "versions": [
              {
                "lessThan": "11.0.2-01",
                "status": "affected",
                "version": "10.9.3-00",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:hitachi:ops_center_common_services:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ops_center_common_services",
            "vendor": "hitachi",
            "versions": [
              {
                "lessThan": "11.0.3-00",
                "status": "affected",
                "version": "10.9.3-00",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-03T14:30:59.837741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-03T15:54:53.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center Common Services",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.3-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.3-00",
              "status": "affected",
              "version": "10.9.3-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "Hitachi Ops Center OVA",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.2-01",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.2-01",
              "status": "affected",
              "version": "10.9.3-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAuthentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01.\u003c/p\u003e"
            }
          ],
          "value": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.\n\n\nThis issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-03T02:32:03.225Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-149/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2024-149",
        "discovery": "UNKNOWN"
      },
      "title": "Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2024-45068",
    "datePublished": "2024-12-03T02:32:03.225Z",
    "dateReserved": "2024-10-22T04:20:15.307Z",
    "dateUpdated": "2024-12-03T15:54:53.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39747 (GCVE-0-2024-39747)

Vulnerability from cvelistv5 – Published: 2024-08-31 01:01 – Updated: 2024-09-01 21:30
VLAI
Title
IBM Sterling Connect:Direct Web Services information disclosure
Summary
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
ibm
Impacted products
Vendor Product Version
IBM Sterling Connect:Direct Web Services Affected: 6.0, 6.1, 6.2, 6.3
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39747",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-01T21:29:57.324770Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-01T21:30:21.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:windows:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.0.0.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.1.0.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.2.0.0:*:*:*:*:unix:*:*",
            "cpe:2.3:a:ibm:sterling_connect_direct_web_services:6.3.0.0:*:*:*:*:unix:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Sterling Connect:Direct Web Services",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0, 6.1, 6.2, 6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
            }
          ],
          "value": "IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-31T01:01:03.974Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7166947"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297314"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Sterling Connect:Direct Web Services information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-39747",
    "datePublished": "2024-08-31T01:01:03.974Z",
    "dateReserved": "2024-06-28T09:34:46.057Z",
    "dateUpdated": "2024-09-01T21:30:21.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39584 (GCVE-0-2024-39584)

Vulnerability from cvelistv5 – Published: 2024-08-28 05:46 – Updated: 2024-08-28 14:15
VLAI
Summary
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Dell Dell Client Platform BIOS Affected: N/A , < 1.29.0 (semver)
Affected: N/A , < 1.15.0 (semver)
Affected: N/A , < 1.21.0 (semver)
Affected: N/A , < 1.24.0 (semver)
Create a notification for this product.
dell alienware_m17_r3_firmware Affected: 0 , < 1.29.0 (semver)
    cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_aurora_r15_amd_firmware Affected: 0 , < 1.15.0 (semver)
    cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_x14_firmware Affected: 0 , < 1.21.0 (semver)
    cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
dell alienware_x15_r1_firmware Affected: 0 , < 1.24.0 (semver)
    cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-27 06:30
Credits
CVE-2024-39584: Dell Technologies would like to thank BINARLY REsearch team for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:alienware_area_51m_r2_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_m15_r3_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_m17_r3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_m17_r3_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.29.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:alienware_aurora_r15_amd_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_aurora_r15_amd_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.15.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:alienware_x14_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_x14_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.21.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:dell:alienware_x17_r1_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:dell:alienware_x15_r1_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "alienware_x15_r1_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "1.24.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39584",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T14:02:49.780082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T14:15:01.978Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Dell Client Platform BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.15.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "CVE-2024-39584: Dell Technologies would like to thank BINARLY REsearch team for reporting this issue."
        }
      ],
      "datePublic": "2024-08-27T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability.  A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
            }
          ],
          "value": "Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability.  A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T05:46:40.013Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000227594/dsa-2024-354"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-39584",
    "datePublished": "2024-08-28T05:46:40.013Z",
    "dateReserved": "2024-06-26T02:16:08.993Z",
    "dateUpdated": "2024-08-28T14:15:01.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-31069 (GCVE-0-2024-31069)

Vulnerability from cvelistv5 – Published: 2024-04-12 15:18 – Updated: 2024-08-02 01:46
VLAI
Title
IOSIX IO-1020 Micro ELD Use of Default Credentials
Summary
IO-1020 Micro ELD web server uses a default password for authentication.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
IOSiX IO-1020 Micro ELD Affected: 0 , ≤ 360 (custom)
Create a notification for this product.
Credits
Jake Jepson of Colorado State University reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T20:10:19.735101Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T20:10:31.059Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:46:04.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IO-1020 Micro ELD",
          "vendor": "IOSiX",
          "versions": [
            {
              "lessThanOrEqual": "360",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jake Jepson of Colorado State University reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nIO-1020 Micro ELD web server uses a default password for authentication.\n\n"
            }
          ],
          "value": "IO-1020 Micro ELD web server uses a default password for authentication.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T15:18:39.220Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003eIOSIX recommends users update to 360.\u003c/p\u003e\n\u003cp\u003eFor further support, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www2.iosix.com/support-2/\"\u003eIOSiX\u003c/a\u003e.\n\n\u003c/p\u003e"
            }
          ],
          "value": "IOSIX recommends users update to 360.\n\nFor further support, contact  IOSiX https://www2.iosix.com/support-2/ .\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-24-093-01",
        "discovery": "EXTERNAL"
      },
      "title": "IOSIX IO-1020 Micro ELD Use of Default Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-31069",
    "datePublished": "2024-04-12T15:18:39.220Z",
    "dateReserved": "2024-03-28T18:24:04.631Z",
    "dateUpdated": "2024-08-02T01:46:04.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30210 (GCVE-0-2024-30210)

Vulnerability from cvelistv5 – Published: 2024-04-12 15:16 – Updated: 2024-08-02 01:25
VLAI
Title
IOSIX IO-1020 Micro ELD Use of Default Credentials
Summary
IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
IOSiX IO-1020 Micro ELD Affected: 0 , ≤ 360 (custom)
Create a notification for this product.
Credits
Jake Jepson of Colorado State University reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T19:55:51.404174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T19:56:01.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:03.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "IO-1020 Micro ELD",
          "vendor": "IOSiX",
          "versions": [
            {
              "lessThanOrEqual": "360",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jake Jepson of Colorado State University reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nIO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n"
            }
          ],
          "value": "IO-1020 Micro ELD uses a default WIFI password that could allow an adjacent attacker to connect to the device.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T15:16:30.094Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-093-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003eIOSIX recommends users update to 360.\u003c/p\u003e\n\u003cp\u003eFor further support, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www2.iosix.com/support-2/\"\u003eIOSiX\u003c/a\u003e.\n\n\u003c/p\u003e"
            }
          ],
          "value": "IOSIX recommends users update to 360.\n\nFor further support, contact  IOSiX https://www2.iosix.com/support-2/ .\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-24-093-01",
        "discovery": "EXTERNAL"
      },
      "title": "IOSIX IO-1020 Micro ELD Use of Default Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-30210",
    "datePublished": "2024-04-12T15:16:30.094Z",
    "dateReserved": "2024-03-28T18:24:04.620Z",
    "dateUpdated": "2024-08-02T01:25:03.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29844 (GCVE-0-2024-29844)

Vulnerability from cvelistv5 – Published: 2024-04-14 23:48 – Updated: 2024-09-25 22:37
VLAI
Title
Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions
Summary
Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
CS Technologies Australia Evolution Controller Affected: 2.x
Create a notification for this product.
cs_technologies evolution_controller Affected: 0 , ≤ 2.04.560.31.03.2024 (custom)
    cpe:2.3:a:cs_technologies:evolution_controller:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cs_technologies:evolution_controller:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "evolution_controller",
            "vendor": "cs_technologies",
            "versions": [
              {
                "lessThanOrEqual": "2.04.560.31.03.2024",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29844",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T17:22:59.657234Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T15:50:37.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:57.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Evolution Controller",
          "vendor": "CS Technologies Australia",
          "versions": [
            {
              "status": "affected",
              "version": "2.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password."
            }
          ],
          "value": "Default credentials on the Web Interface of Evolution Controller 2.x allows anyone to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the password. There is no warning or prompt to ask the user to change the default password."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T22:37:13.799Z",
        "orgId": "430a6cef-dc26-47e3-9fa8-52fb7f19644e",
        "shortName": "directcyber"
      },
      "references": [
        {
          "url": "https://directcyber.com.au/sa/CVE-2024-29836-to-29844-evolution-controller-multiple-vulnerabilities.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "430a6cef-dc26-47e3-9fa8-52fb7f19644e",
    "assignerShortName": "directcyber",
    "cveId": "CVE-2024-29844",
    "datePublished": "2024-04-14T23:48:26.802Z",
    "dateReserved": "2024-03-21T00:52:45.515Z",
    "dateUpdated": "2024-09-25T22:37:13.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.