CWE-1391
Use of Weak Credentials
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
CVE-2022-3010 (GCVE-0-2022-3010)
Vulnerability from cvelistv5
Published
2024-01-02 18:32
Modified
2025-06-04 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Priva | TopControl Suite - Bacnet |
Version: All versions prior to 8.7.8.0 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-3010"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2022-00035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:43:54.412823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:45:39.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TopControl Suite - Bacnet",
"vendor": "Priva",
"versions": [
{
"lessThan": "8.7.8.0",
"status": "affected",
"version": "All versions prior to 8.7.8.0",
"versionType": "y.x.z.z"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TopControl Suite - Blue ID",
"vendor": "Priva",
"versions": [
{
"lessThan": "8.7.8.0",
"status": "affected",
"version": "All versions prior to 8.7.8.0",
"versionType": "y.x.z"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TopControl Suite - Compass",
"vendor": "Priva",
"versions": [
{
"lessThan": "8.7.8.0",
"status": "affected",
"version": "All versions prior to 8.7.8.0",
"versionType": "y.x.z"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TopControl Suite - Connect",
"vendor": "Priva",
"versions": [
{
"lessThan": "8.7.8.0",
"status": "affected",
"version": "All versions prior to 8.7.8.0",
"versionType": "y.x.z"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TopControl Suite - TPC",
"vendor": "Priva",
"versions": [
{
"lessThan": "8.7.8.0",
"status": "affected",
"version": "All versions prior to 8.7.8.0",
"versionType": "y.x.z"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "A researcher at NorthWave reported this vulnerability to DIVD."
},
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Victor Pasman (DIVD)"
}
],
"datePublic": "2022-12-22T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Priva TopControl Suite contains\u0026nbsp;predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite."
}
],
"value": "The Priva TopControl Suite contains\u00a0predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite."
}
],
"impacts": [
{
"capecId": "CAPEC-560",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-560 Use of Known Domain Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:17:57.435Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-3010"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-01"
},
{
"tags": [
"related"
],
"url": "https://csirt.divd.nl/DIVD-2022-00035"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Priva recommends users to contact their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.priva.com/buildings/solutions/priva-building-operator#section-04\"\u003esupport team\u003c/a\u003e to upgrade to TopControl Suite version 8.7.8.0 or later.\u003cbr\u003eMinimize network exposure for all control system devices and/or systems, ensure that they are not directly accessible from the internet."
}
],
"value": "Priva recommends users to contact their support team https://www.priva.com/buildings/solutions/priva-building-operator#section-04 \u00a0to upgrade to TopControl Suite version 8.7.8.0 or later.\nMinimize network exposure for all control system devices and/or systems, ensure that they are not directly accessible from the internet."
}
],
"source": {
"advisory": "DIVD-2022-00035",
"discovery": "EXTERNAL"
},
"title": "Predictable SSH credentials in Priva TopControl Suite",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-3010",
"datePublished": "2024-01-02T18:32:22.947Z",
"dateReserved": "2022-08-26T14:53:53.087Z",
"dateUpdated": "2025-06-04T19:17:57.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0635 (GCVE-0-2023-0635)
Vulnerability from cvelistv5
Published
2023-06-05 03:42
Modified
2025-01-08 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT®-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | ABB Ltd. | ASPECT®-Enterprise |
Version: 3.0;0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T16:42:41.700285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T16:42:53.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"2CQG103201S3021",
"2CQG103202S3021",
"2CQG103203S3021",
"2CQG103204S3021"
],
"platforms": [
"ASPECT\u00ae-Enterprise",
"Linux"
],
"product": "ASPECT\u00ae-Enterprise",
"vendor": "ABB Ltd.",
"versions": [
{
"lessThan": "3.07.01",
"status": "affected",
"version": "3.0;0",
"versionType": "update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"2CQG100102R2021",
"2CQG100104R2021",
"2CQG100105R2021",
"2CQG100106R2021",
"2CQG100110R2021",
"2CQG100112R2021",
"2CQG100103R2021",
"2CQG100107R2021",
"2CQG100108R2021",
"2CQG100109R2021",
"2CQG100111R2021",
"2CQG100113R2021"
],
"platforms": [
"NEXUS Series",
"Linux"
],
"product": "NEXUS Series",
"vendor": "ABB Ltd.",
"versions": [
{
"lessThan": "3.07.01",
"status": "affected",
"version": "3.0;0",
"versionType": "update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"2CQG100102R1021",
"2CQG100103R1021",
"2CQG100104R1021",
"2CQG100105R1021",
"2CQG100106R1021"
],
"platforms": [
"MATRIX Series",
"Linux"
],
"product": "MATRIX Series",
"vendor": "ABB Ltd.",
"versions": [
{
"lessThan": "3.07.01",
"status": "affected",
"version": "3.0;0",
"versionType": "update"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB would like to thank Prism Infosec for identifying this vulnerability in its products and for dealing with it in a professional manner."
}
],
"datePublic": "2023-06-01T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.\u003cp\u003eThis issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:27:48.422Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"advisory": "ABBVREP0088",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation to root",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-0635",
"datePublished": "2023-06-05T03:42:04.704Z",
"dateReserved": "2023-02-02T07:19:48.321Z",
"dateUpdated": "2025-01-08T16:42:53.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31240 (GCVE-0-2023-31240)
Vulnerability from cvelistv5
Published
2023-05-22 19:58
Modified
2025-01-16 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Snap One | OvrC Cloud |
Version: 0 < 7.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:53:30.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:55:30.406248Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:33:20.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OvrC Cloud",
"vendor": "Snap One",
"versions": [
{
"lessThan": "7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSnap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T17:34:00.669Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-136-01"
},
{
"url": "https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-r.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSnap One has released the following updates/fixes for the affected products:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\u003c/li\u003e\u003cli\u003eOvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\u003c/li\u003e\u003cli\u003eDisable UPnP.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information, see Snap One\u2019s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf\"\u003eRelease Notes\u003c/a\u003e.\u003c/p\u003e"
}
],
"value": "Snap One has released the following updates/fixes for the affected products:\n\n * OvrC Pro v7.2 has been automatically pushed out to devices to update via OvrC cloud.\n * OvrC Pro v7.3 has been automatically pushed out to devices to update via OvrC cloud.\n * Disable UPnP.\n\n\nFor more information, see Snap One\u2019s Release Notes https://www.control4.com/docs/product/ovrc-software/release-notes/english/latest/ovrc-software-release-notes-rev-p.pdf ."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-31240",
"datePublished": "2023-05-22T19:58:48.755Z",
"dateReserved": "2023-04-26T19:18:23.304Z",
"dateUpdated": "2025-01-16T21:33:20.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3470 (GCVE-0-2023-3470)
Vulnerability from cvelistv5
Published
2023-08-02 15:54
Modified
2024-10-22 12:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest.
The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F.
The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000135449"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T20:42:33.121532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T12:34:45.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"All Modules"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "16.0.0",
"versionType": "semver"
},
{
"lessThan": "15.1.1",
"status": "affected",
"version": "15.1.0",
"versionType": "semver"
},
{
"lessThan": "14.1.4",
"status": "affected",
"version": "14.1.0",
"versionType": "semver"
},
{
"lessThan": "13.1.4",
"status": "affected",
"version": "13.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "F5"
}
],
"datePublic": "2023-10-18T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eSpecific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. \u0026nbsp;The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. \u0026nbsp;On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest.\u003c/p\u003e\u003cp\u003eThe following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F.\u003c/p\u003e\u003cp\u003eThe BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations.\u003c/p\u003e\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u003cbr\u003e\n\n"
}
],
"value": "\nSpecific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. \u00a0The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. \u00a0On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest.\n\nThe following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F.\n\nThe BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations.\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T15:54:14.218Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000135449"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP FIPS HSM password vulnerability CVE-2023-3470",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2023-3470",
"datePublished": "2023-08-02T15:54:14.218Z",
"dateReserved": "2023-06-30T00:29:46.174Z",
"dateUpdated": "2024-10-22T12:34:45.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1039 (GCVE-0-2024-1039)
Vulnerability from cvelistv5
Published
2024-02-01 21:38
Modified
2025-08-07 18:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gessler GmbH | WEB-MASTER |
Version: 7.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T20:20:33.836369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:45:21.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WEB-MASTER",
"vendor": "Gessler GmbH",
"versions": [
{
"status": "affected",
"version": "7.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Felix Eberstaller and Nino F\u00fcrthauer of Limes Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.\u003c/span\u003e"
}
],
"value": "Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T18:28:32.629Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.gessler.de/en/contact-us/\"\u003eGessler GmbH\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Gessler GmbH recommends updating EZ2 to 3.2 or greater and WebMaster to 4.4 or greater to mitigate these vulnerabilities. Updates have to be applied by Gessler GmbH technicians. For more information contact Gessler GmbH https://www.gessler.de/en/contact-us/ ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use of Hard-coded Credentials in Gessler GmbH WEB-MASTER",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-1039",
"datePublished": "2024-02-01T21:38:48.454Z",
"dateReserved": "2024-01-29T15:59:58.085Z",
"dateUpdated": "2025-08-07T18:28:32.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11717 (GCVE-0-2024-11717)
Vulnerability from cvelistv5
Published
2025-01-02 16:08
Modified
2025-01-02 17:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email.
This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in 3.7.5 release.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11717",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T17:32:55.312090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T17:33:59.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2024/Dec/21"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CTFd",
"repo": "https://github.com/CTFd/CTFd",
"vendor": "CTFd",
"versions": [
{
"lessThanOrEqual": "3.7.4",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "B\u0142a\u017cej Adamczyk (efigo.pl)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eTokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user\u0027s password and take over the account.\u0026nbsp;Moreover, the tokens also include base64 encoded user email.\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eThis issue impacts releases up to 3.7.4 and was addressed by \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/CTFd/CTFd/pull/2679\"\u003epull request 2679\u003c/a\u003e\u0026nbsp;included in 3.7.5 release.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user\u0027s password and take over the account.\u00a0Moreover, the tokens also include base64 encoded user email.\n\nThis issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 \u00a0included in 3.7.5 release."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-837",
"description": "CWE-837 Improper Enforcement of a Single, Unique Action",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T16:08:20.242Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/01/CVE-2024-11716"
},
{
"tags": [
"product"
],
"url": "https://ctfd.io/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/CTFd/CTFd/pull/2679"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://blog.ctfd.io/ctfd-3-7-5/"
},
{
"tags": [
"mailing-list",
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2024/Dec/21"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-11717",
"datePublished": "2025-01-02T16:08:20.242Z",
"dateReserved": "2024-11-25T17:36:39.487Z",
"dateUpdated": "2025-01-02T17:33:59.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12728 (GCVE-0-2024-12728)
Vulnerability from cvelistv5
Published
2024-12-19 20:48
Modified
2024-12-21 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sophos | Sophos Firewall |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-21T04:55:57.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sophos Firewall",
"vendor": "Sophos",
"versions": [
{
"lessThan": "20.0 MR3 (20.0.3)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).\u003c/p\u003e"
}
],
"value": "A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3)."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T20:54:15.418Z",
"orgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"shortName": "Sophos"
},
"references": [
{
"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "526a354d-e866-4174-ae7d-bac848e5c4c5",
"assignerShortName": "Sophos",
"cveId": "CVE-2024-12728",
"datePublished": "2024-12-19T20:48:53.477Z",
"dateReserved": "2024-12-17T18:22:16.790Z",
"dateUpdated": "2024-12-21T04:55:57.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21865 (GCVE-0-2024-21865)
Vulnerability from cvelistv5
Published
2024-03-25 04:11
Modified
2025-03-28 07:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of weak credentials
Summary
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW BL1500HM |
Version: Ver 002.001.013 and earlier |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T15:29:40.852705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T02:14:16.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HGW BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.001.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "Use of weak credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:38:26.719Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21865",
"datePublished": "2024-03-25T04:11:34.280Z",
"dateReserved": "2024-03-18T01:23:32.331Z",
"dateUpdated": "2025-03-28T07:38:26.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29071 (GCVE-0-2024-29071)
Vulnerability from cvelistv5
Published
2024-03-25 03:42
Modified
2025-03-28 07:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of weak credentials
Summary
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDDI CORPORATION | HGW BL1500HM |
Version: Ver 002.001.013 and earlier |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:kddi:hgw_bli500hm_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hgw_bli500hm_firmware",
"vendor": "kddi",
"versions": [
{
"lessThanOrEqual": "002.001.013",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T13:53:58.969525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T13:55:29.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HGW BL1500HM",
"vendor": "KDDI CORPORATION",
"versions": [
{
"status": "affected",
"version": "Ver 002.001.013 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "Use of weak credentials",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:38:42.105Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#20304f4c-af1b-49fd-c3b5-8d1f55fd8b4f"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93546510/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29071",
"datePublished": "2024-03-25T03:42:31.070Z",
"dateReserved": "2024-03-18T01:23:31.527Z",
"dateUpdated": "2025-03-28T07:38:42.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32759 (GCVE-0-2024-32759)
Vulnerability from cvelistv5
Published
2024-07-10 17:43
Modified
2024-08-02 02:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Johnson Controls | Software House C•CURE 9000 |
Version: 0 < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:johnsoncontrols:software_house_c-cure_9000:2.80:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "software_house_c-cure_9000",
"vendor": "johnsoncontrols",
"versions": [
{
"status": "affected",
"version": "2.80"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T14:32:52.725607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:37:16.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:20:35.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Software House C\u2022CURE 9000",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "2.80",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reid Wightman of Dragos"
}
],
"datePublic": "2024-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder certain circumstances the Software House C\u25cfCURE 9000 installer will utilize weak credentials. \u003c/span\u003e\n\n"
}
],
"value": "Under certain circumstances the Software House C\u25cfCURE 9000 installer will utilize weak credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:43:01.428Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate Software House C\u25cfCURE 9000 to at least version 2.90\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update Software House C\u25cfCURE 9000 to at least version 2.90"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Johnson Controls Software House C\u25cfCURE 9000 installer password strength",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32759",
"datePublished": "2024-07-10T17:43:01.428Z",
"dateReserved": "2024-04-17T17:26:35.181Z",
"dateUpdated": "2024-08-02T02:20:35.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.