Common Weakness Enumeration

CWE-1392

Allowed

Use of Default Credentials

Abstraction: Base · Status: Incomplete

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

191 vulnerabilities reference this CWE, most recent first.

CVE-2024-6535 (GCVE-0-2024-6535)

Vulnerability from cvelistv5 – Published: 2024-07-17 02:25 – Updated: 2025-11-20 19:54
VLAI
Title
Skupper: potential authentication bypass to skupper console via forged cookies
Summary
A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:4865 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:4871 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-6535 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2296024 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Affected: 0 , < 0.0.0-20240703184342-c26bce4079ff (custom)
Red Hat Service Interconnect 1.4 for RHEL 9 Unaffected: 1.4.7-1 , < * (rpm)
    cpe:/a:redhat:service_interconnect:1.4::el9
Create a notification for this product.
Red Hat Service Interconnect 1 for RHEL 9 Unaffected: 1.5.5-1 , < * (rpm)
    cpe:/a:redhat:service_interconnect:1::el9
Create a notification for this product.
Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
Create a notification for this product.
Date Public
2024-07-17 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6535",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T15:24:58.883446Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-18T15:16:27.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:41:03.493Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:4865",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4865"
          },
          {
            "name": "RHSA-2024:4871",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:4871"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
          },
          {
            "name": "RHBZ#2296024",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/skupperproject/skupper",
          "defaultStatus": "unaffected",
          "packageName": "skupper",
          "versions": [
            {
              "lessThan": "0.0.0-20240703184342-c26bce4079ff",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-flow-collector-rhel9",
          "product": "Service Interconnect 1.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.4.7-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-service-controller-rhel9",
          "product": "Service Interconnect 1.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.4.7-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-flow-collector-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "service-interconnect/skupper-service-controller-rhel9",
          "product": "Service Interconnect 1 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.5.5-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_interconnect:1"
          ],
          "defaultStatus": "affected",
          "packageName": "skupper",
          "product": "Red Hat Service Interconnect 1",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T19:54:25.623Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:4865",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4865"
        },
        {
          "name": "RHSA-2024:4871",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:4871"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-6535"
        },
        {
          "name": "RHBZ#2296024",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296024"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-05T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-07-17T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Skupper: potential authentication bypass to skupper console via forged cookies",
      "x_redhatCweChain": "CWE-1392: Use of Default Credentials"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-6535",
    "datePublished": "2024-07-17T02:25:25.958Z",
    "dateReserved": "2024-07-05T18:48:04.548Z",
    "dateUpdated": "2025-11-20T19:54:25.623Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-6245 (GCVE-0-2024-6245)

Vulnerability from cvelistv5 – Published: 2024-10-28 16:42 – Updated: 2024-11-07 15:16
VLAI
Title
Default Credentials in ssh service for SmartPlay in Maruti Suzuki
Summary
Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Mohammed Shine
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T17:32:12.842689Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T17:32:34.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Infotainment Hub"
          ],
          "platforms": [
            "Linux"
          ],
          "product": "SmartPlay",
          "vendor": "Faurecia Clarion Electronics Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "66T0.05.50"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mohammed Shine"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.\u003cp\u003eThe issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\u003c/p\u003e\u003cp\u003eThis issue affects SmartPlay: 66T0.05.50.\u003c/p\u003e"
            }
          ],
          "value": "Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market.\n\nThis issue affects SmartPlay: 66T0.05.50."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-70",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T15:16:26.982Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.marutisuzuki.com/corporate/technology/smartplay-systems"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.global-infotainment-system.com/en/top.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Default Credentials in ssh service for SmartPlay in Maruti Suzuki",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2024-6245",
    "datePublished": "2024-10-28T16:42:52.194Z",
    "dateReserved": "2024-06-21T14:44:25.449Z",
    "dateUpdated": "2024-11-07T15:16:26.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5632 (GCVE-0-2024-5632)

Vulnerability from cvelistv5 – Published: 2024-07-09 10:57 – Updated: 2024-08-01 21:18 Unsupported When Assigned
VLAI
Summary
Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Longse Technology NVR3608PGE2W Affected: 0 , ≤ * (custom)
Create a notification for this product.
Zamel ZMB-01 Affected: 0 , ≤ * (custom)
Create a notification for this product.
Date Public
2024-07-09 10:00
Credits
Adam Zambrzycki
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5632",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T13:23:30.916192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T16:42:24.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:06.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "NVR3608PGE2W",
          "vendor": "Longse Technology",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "ZMB-01",
          "vendor": "Zamel",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Adam Zambrzycki"
        }
      ],
      "datePublic": "2024-07-09T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Longse NVR (Network Video Recorder) model\u0026nbsp;NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password.\u003cbr\u003eA user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged.\u0026nbsp;"
            }
          ],
          "value": "Longse NVR (Network Video Recorder) model\u00a0NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password.\nA user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T10:57:39.740Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2024/07/CVE-2024-5631/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2024/07/CVE-2024-5631/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2024-5632",
    "datePublished": "2024-07-09T10:57:39.740Z",
    "dateReserved": "2024-06-04T14:42:03.704Z",
    "dateUpdated": "2024-08-01T21:18:06.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5245 (GCVE-0-2024-5245)

Vulnerability from cvelistv5 – Published: 2024-05-23 22:07 – Updated: 2024-08-01 21:03
VLAI
Title
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability
Summary
NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR ProSAFE Network Management System Affected: 1.7.0.34 x64
Create a notification for this product.
netgear prosafe_network_management_system Affected: 1.7.0.34 x64
    cpe:2.3:a:netgear:prosafe_network_management_system:1.7.0.34:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-05-22 23:31
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netgear:prosafe_network_management_system:1.7.0.34:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "prosafe_network_management_system",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.7.0.34 x64"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T19:43:24.161448Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:02:10.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:03:11.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-24-496",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-496/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ProSAFE Network Management System",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.7.0.34 x64"
            }
          ]
        }
      ],
      "dateAssigned": "2024-05-22T21:06:18.361Z",
      "datePublic": "2024-05-22T23:31:56.929Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-23T22:07:01.049Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-24-496",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-496/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004"
        }
      ],
      "source": {
        "lang": "en",
        "value": "191bb9f9c7b3a89d5a586e15299e24417a4aca4d"
      },
      "title": "NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2024-5245",
    "datePublished": "2024-05-23T22:07:01.049Z",
    "dateReserved": "2024-05-22T21:06:18.288Z",
    "dateUpdated": "2024-08-01T21:03:11.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4622 (GCVE-0-2024-4622)

Vulnerability from cvelistv5 – Published: 2024-05-15 16:54 – Updated: 2025-03-27 16:07
VLAI
Title
alpitronic Hypercharger EV Charger Use of Default Credentials
Summary
If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface protected by authentication. If the default credentials are not changed, an attacker can use public knowledge to access the device as an administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Credits
Hanno Böck reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T17:32:04.444201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:54:05.980Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-27T16:07:24.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://industrydecarbonization.com/news/insecure-password-allowed-administrative-access-to-electric-vehicle-chargers.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hypercharger EV Charger",
          "vendor": "alpitronic",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hanno B\u00f6ck reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nIf misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface \nprotected by authentication. If the default credentials are not changed,\n an attacker can use public knowledge to access the device as an \nadministrator.\n\n"
            }
          ],
          "value": "If misconfigured, alpitronic Hypercharger EV charging devices can expose a web interface \nprotected by authentication. If the default credentials are not changed,\n an attacker can use public knowledge to access the device as an \nadministrator."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-15T16:54:08.150Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02"
        }
      ],
      "source": {
        "advisory": "ICSA-24-130-02",
        "discovery": "EXTERNAL"
      },
      "title": "alpitronic Hypercharger EV Charger Use of Default Credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\u003cp\u003ealpitronic recommends users change the default credentials for all charging devices.\u003c/p\u003e\n\u003cp\u003ealpitronic advises that the interface should be connected only to \ninternal segregated and access-controlled networks and not exposed to \nthe public internet/web.\u003c/p\u003e\n\u003cp\u003eWhen informed of these vulnerabilities, alpitronic, in conjunction \nwith and/or on behalf of affected clients, disabled the interface on any\n exposed devices and all clients were contacted directly and reminded \nthat the interface is not intended to be visible on the public Internet \nand that default passwords should be changed.\u003c/p\u003e\n\u003cp\u003ealpitronic are also applying mitigations to all devices in the field \nand to new devices in production. New devices will come with unique \npasswords. Devices using the default password will be automatically \nassigned new unique passwords, or at first access if the device has not \nyet been installed. Devices with the default passwords already changed \nwill not be affected. New passwords can be obtained by scanning the \nQR-Code inside the charger or in DMS portal hyperdoc. Contact \nHypercharger support with any questions about newly assigned passwords.\u003c/p\u003e\n\n"
            }
          ],
          "value": "alpitronic recommends users change the default credentials for all charging devices.\n\n\nalpitronic advises that the interface should be connected only to \ninternal segregated and access-controlled networks and not exposed to \nthe public internet/web.\n\n\nWhen informed of these vulnerabilities, alpitronic, in conjunction \nwith and/or on behalf of affected clients, disabled the interface on any\n exposed devices and all clients were contacted directly and reminded \nthat the interface is not intended to be visible on the public Internet \nand that default passwords should be changed.\n\n\nalpitronic are also applying mitigations to all devices in the field \nand to new devices in production. New devices will come with unique \npasswords. Devices using the default password will be automatically \nassigned new unique passwords, or at first access if the device has not \nyet been installed. Devices with the default passwords already changed \nwill not be affected. New passwords can be obtained by scanning the \nQR-Code inside the charger or in DMS portal hyperdoc. Contact \nHypercharger support with any questions about newly assigned passwords."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-4622",
    "datePublished": "2024-05-15T16:54:08.150Z",
    "dateReserved": "2024-05-07T19:41:26.741Z",
    "dateUpdated": "2025-03-27T16:07:24.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-4007 (GCVE-0-2024-4007)

Vulnerability from cvelistv5 – Published: 2024-07-01 12:06 – Updated: 2024-08-01 20:26
VLAI
Title
Hard coded default credential contained in install package
Summary
Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
ABB
Impacted products
Vendor Product Version
ABB ASPECT Enterprise (ASP-ENT-x) Affected: 3.07
Create a notification for this product.
ABB NEXUS Series (NEX-2x, NEXUS-3-x) Affected: 3.07
Create a notification for this product.
ABB MATRIX Series(MAT-x) Affected: 3.07
Create a notification for this product.
abb aspect-ent-2_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:aspect-ent-2_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-96_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:aspect-ent-96_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-a_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-2128-a_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-f_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-2128-f_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-2128_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-2128-g_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-2128-g_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-a_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-264-a_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-f_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-264-f_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-264_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-264-g_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-264-g_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-3-2128_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-3-2128_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb nexus-3-264_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:nexus-3-264_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-11_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:matrix-11_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-216_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:matrix-216_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-232_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:matrix-232_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-264_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:matrix-264_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-12_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:aspect-ent-12_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb aspect-ent-256_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:aspect-ent-256_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
abb matrix-296_firmware Affected: 3.0.0 , < 3.07.02 (custom)
    cpe:2.3:o:abb:matrix-296_firmware:3.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-01 03:30
Credits
ABB likes to thank https://divd.nl for reporting the vulnerability in responsible disclosure.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-2_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-2_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-96_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-96_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-a_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-a_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-f_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-f_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-2128-g_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-2128-g_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-a_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264-a_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-f_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264-f_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-264-g_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nexus-264-g_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-3-2128_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-3-2128_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:nexus-3-264_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nexus-3-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-11_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-11_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-216_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-216_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-232_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-232_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-264_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-264_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-12_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-12_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:aspect-ent-256_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "aspect-ent-256_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:abb:matrix-296_firmware:3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "matrix-296_firmware",
            "vendor": "abb",
            "versions": [
              {
                "lessThan": "3.07.02",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:33:48.062617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T14:13:05.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:26:57.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/aspect-enterprise",
          "defaultStatus": "unaffected",
          "packageName": "Installer",
          "platforms": [
            "Linux"
          ],
          "product": "ASPECT Enterprise (ASP-ENT-x)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.07"
            }
          ]
        },
        {
          "collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/nexus-series",
          "defaultStatus": "unaffected",
          "packageName": "Installer",
          "platforms": [
            "Linux"
          ],
          "product": "NEXUS Series (NEX-2x, NEXUS-3-x)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.07"
            }
          ]
        },
        {
          "collectionURL": "https://new.abb.com/low-voltage/de/produkte/gebaeudeautomation/produktsortiment/cylon/produkte/matrix",
          "defaultStatus": "unaffected",
          "packageName": "Installer",
          "platforms": [
            "Linux"
          ],
          "product": "MATRIX Series(MAT-x)",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "3.07"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB likes to thank https://divd.nl for reporting the vulnerability in responsible disclosure."
        }
      ],
      "datePublic": "2024-07-01T03:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured.\u003cbr\u003e"
            }
          ],
          "value": "Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-49",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-49 Password Brute Forcing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-02T00:10:15.764Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A6101\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nABB Strongly recommends the following actions on any released SW version of ASPECT:\n- Change the PHPmyAdmin Password according to the system manual:\u0026nbsp; All customers who operate the ASPECT System with its default password are recommended to replace this default password with a unique, secure password, containing a\nmix of characters, numbers, and special characters with at least 10 characters in length.\n- Never expose open ports to the ASPECT product towards the Internet or any insecure network.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).\nRecognize that VPNs may have vulnerabilities and should be updated to the most current version\navailable. Also, understand that VPNs are only as secure as the connected devices.\n- ABB recommends that customers shall apply the latest product update at the earliest convenience.\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "ABB Strongly recommends the following actions on any released SW version of ASPECT:\n- Change the PHPmyAdmin Password according to the system manual:\u00a0 All customers who operate the ASPECT System with its default password are recommended to replace this default password with a unique, secure password, containing a\nmix of characters, numbers, and special characters with at least 10 characters in length.\n- Never expose open ports to the ASPECT product towards the Internet or any insecure network.\n- When remote access is required, use secure methods, such as Virtual Private Networks (VPNs).\nRecognize that VPNs may have vulnerabilities and should be updated to the most current version\navailable. Also, understand that VPNs are only as secure as the connected devices.\n- ABB recommends that customers shall apply the latest product update at the earliest convenience."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hard coded default credential contained in install package",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nASPECT system shall not be connected directly to untrusted networks such as the Internet.\nIf remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular\nnetwork segment where ASPECT is installed and configured in.\nNote: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components.\nAny default credentials shall be exchanged with a unique credential supporting adequate strength. \n\n\u003cbr\u003e"
            }
          ],
          "value": "ASPECT system shall not be connected directly to untrusted networks such as the Internet.\nIf remote access to an ASPECT system is a customer requirement, the system shall operate behind a firewall. User accessing ASPECT remotely shall do this using a VPN Gateway allowing access to the particular\nnetwork segment where ASPECT is installed and configured in.\nNote: it is crucial that the VPN Gateway and Network is setup in accordance with best industry standards and maintained in terms of security patches for all related components.\nAny default credentials shall be exchanged with a unique credential supporting adequate strength."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-4007",
    "datePublished": "2024-07-01T12:06:53.048Z",
    "dateReserved": "2024-04-19T17:08:37.839Z",
    "dateUpdated": "2024-08-01T20:26:57.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49621 (GCVE-0-2023-49621)

Vulnerability from cvelistv5 – Published: 2024-01-09 10:00 – Updated: 2025-06-17 20:39
VLAI
Summary
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC CN 4100 Affected: All versions < V2.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:25.852Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-23T05:01:44.085293Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T20:39:17.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CN 4100",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC CN 4100 (All versions \u003c V2.7). The \"intermediate installation\" system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-09T10:00:11.770Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-777015.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-49621",
    "datePublished": "2024-01-09T10:00:11.770Z",
    "dateReserved": "2023-11-28T10:01:06.679Z",
    "dateUpdated": "2025-06-17T20:39:17.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40704 (GCVE-0-2023-40704)

Vulnerability from cvelistv5 – Published: 2024-07-18 16:33 – Updated: 2025-08-27 20:32
VLAI
Title
Philips Vue PACS Use of Default Credentials
Summary
The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Philips Vue PACS Affected: 0 , < 12.2.8.410 (custom)
Create a notification for this product.
philips vue_pacs Affected: 0 , < 12.2.8.410 (custom)
    cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-18 15:00
Credits
TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "vue_pacs",
            "vendor": "philips",
            "versions": [
              {
                "lessThan": "12.2.8.410",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T17:50:31.631061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:32:53.978Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:51.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.philips.com/productsecurity"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vue PACS",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "12.2.8.410",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips."
        }
      ],
      "datePublic": "2024-07-18T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\nThe product does not require unique and complex passwords to be created \nduring installation. Using Philips\u0027s default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity.\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "The product does not require unique and complex passwords to be created \nduring installation. Using Philips\u0027s default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-09T20:17:10.791Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
        },
        {
          "url": "http://www.philips.com/productsecurity"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips recommends the following mitigations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor CVE-2021-28165, Philips recommends configuring the Vue PACS \nenvironment per D000763414 \u2013 Vue_PACS_12_Ports_Protocols_Services_Guide \navailable on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/Default.aspx?tabid=867\"\u003eIncenter\u003c/a\u003e. Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability.\u003c/li\u003e\n\u003cli\u003eFor CVE-2023-40704, Philips recommends no action needed due to low \nrisk of exploitability, but customers can request that Philips update \ndatabase password(s).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor managed services users, new releases will be made available upon \nresource availability. Releases are subject to country specific \nregulations. Users with questions regarding their specific Philips Vue \nPACS installations and new release eligibility should contact their \nlocal Philips sales representative or submit a request in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.informatics.support.philips.com/csm\"\u003ePhilips Informatics Support portal\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eRefer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips advisory\u003c/a\u003e for more details.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Philips recommends the following mitigations:\n\n\n\n  *  For CVE-2021-28165, Philips recommends configuring the Vue PACS \nenvironment per D000763414 \u2013 Vue_PACS_12_Ports_Protocols_Services_Guide \navailable on  Incenter https://incenter.medical.philips.com/Default.aspx . Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability.\n\n  *  For CVE-2023-40704, Philips recommends no action needed due to low \nrisk of exploitability, but customers can request that Philips update \ndatabase password(s).\n\n\n\n\nFor managed services users, new releases will be made available upon \nresource availability. Releases are subject to country specific \nregulations. Users with questions regarding their specific Philips Vue \nPACS installations and new release eligibility should contact their \nlocal Philips sales representative or submit a request in the  Philips Informatics Support portal https://www.informatics.support.philips.com/csm .\n\n\nRefer to the  Philips advisory https://www.philips.com/productsecurity  for more details."
        }
      ],
      "source": {
        "advisory": "ICSMA-24-200-01",
        "discovery": "EXTERNAL"
      },
      "title": "Philips Vue PACS Use of Default Credentials",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-40704",
    "datePublished": "2024-07-18T16:33:27.444Z",
    "dateReserved": "2023-08-21T22:12:52.587Z",
    "dateUpdated": "2025-08-27T20:32:53.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30801 (GCVE-0-2023-30801)

Vulnerability from cvelistv5 – Published: 2023-10-10 13:46 – Updated: 2025-11-21 16:15
VLAI
Title
qBittorrent Web UI Default Credentials Lead to RCE
Summary
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
CWE
Assigner
Impacted products
Vendor Product Version
qBittorrent qBittorrent client Affected: 0 , ≤ 4.5.5 (1.2.6)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"
          },
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "MacOS"
          ],
          "product": "qBittorrent client",
          "vendor": "qBittorrent",
          "versions": [
            {
              "lessThanOrEqual": "4.5.5",
              "status": "affected",
              "version": "0",
              "versionType": "1.2.6"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "4.5.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\u003cbr\u003e"
            }
          ],
          "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-70",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T16:15:48.956Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/qbittorrent/qBittorrent/issues/18731"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vulncheck.com/advisories/qbittorrent-default-creds"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5WXBKELVZFZNIDONIJESOCSRPIQNCGI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4BNFJR3ZWVLE2YSYIQYBWVDQBBZOLEL/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "qBittorrent Web UI Default Credentials Lead to RCE",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2023-30801",
    "datePublished": "2023-10-10T13:46:46.775Z",
    "dateReserved": "2023-04-18T10:31:45.962Z",
    "dateUpdated": "2025-11-21T16:15:48.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-30603 (GCVE-0-2023-30603)

Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-08 20:00
VLAI
Title
Hitron Technologies Inc. CODA-5310 - Using default credentials
Summary
Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Date Public
2023-05-01 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:28:51.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T19:59:04.742872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T20:00:45.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Hitron CODA-5310",
          "vendor": "Hitron Technologies Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "v7.2.4.7.1b3"
            }
          ]
        }
      ],
      "datePublic": "2023-05-01T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service.\u003c/p\u003e"
            }
          ],
          "value": "Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator\u2019s privilege, resulting in performing arbitrary system operation or disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392: Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T03:47:30.952Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "url": "https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider.\u003c/p\u003e"
            }
          ],
          "value": "Hitron Technologies Inc. has provided a problem-solving version to the internet service provider and informed them to upgrade. If there are any issues, please contact the network provider."
        }
      ],
      "source": {
        "advisory": "TVN-202304004",
        "discovery": "EXTERNAL"
      },
      "title": "Hitron Technologies Inc. CODA-5310 - Using default credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2023-30603",
    "datePublished": "2023-06-02T00:00:00.000Z",
    "dateReserved": "2023-04-13T00:00:00.000Z",
    "dateUpdated": "2025-01-08T20:00:45.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Prohibit use of default, hard-coded, or other values that do not vary for each installation of the product - especially for separate organizations.

Mitigation
Architecture and Design

Force the administrator to change the credential upon installation.

Mitigation
Installation Operation

The product administrator could change the defaults upon installation or during operation.

No CAPEC attack patterns related to this CWE.