Common Weakness Enumeration

CWE-256

Allowed

Plaintext Storage of a Password

Abstraction: Base · Status: Incomplete

The product stores a password in plaintext within resources such as memory or files.

397 vulnerabilities reference this CWE, most recent first.

CVE-2024-25138 (GCVE-0-2024-25138)

Vulnerability from cvelistv5 – Published: 2024-03-26 23:01 – Updated: 2024-08-02 18:55
VLAI
Title
AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password
Summary
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Date Public
2024-03-26 19:18
Credits
Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:21.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T18:42:16.488185Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:55:41.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T6CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T7CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA0-T7CL-R",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T8CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T10CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T10WCL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T12CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T15CL",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-T15CL-R",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-RHMI",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "c"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "C-MORE EA9 HMI EA9-PGMSW",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "lessThanOrEqual": "6.77",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomer Goldschmidt of Claroty Research - Team82 reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2024-03-26T19:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn AutomationDirect C-MORE EA9 HMI, \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecredentials used by the platform are stored as plain text on the device.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIn AutomationDirect C-MORE EA9 HMI, \n\ncredentials used by the platform are stored as plain text on the device.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T23:15:37.216Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAutomationDirect recommends that users update C-MORE EA9 HMI to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003eV6.78\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nAutomationDirect recommends that users update C-MORE EA9 HMI to  V6.78 https://www.automationdirect.com/support/software-downloads .\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-24-086-01",
        "discovery": "EXTERNAL"
      },
      "title": "AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-25138",
    "datePublished": "2024-03-26T23:01:40.197Z",
    "dateReserved": "2024-02-05T21:38:12.857Z",
    "dateUpdated": "2024-08-02T18:55:41.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25052 (GCVE-0-2024-25052)

Vulnerability from cvelistv5 – Published: 2024-06-13 13:45 – Updated: 2024-08-01 23:36
VLAI
Title
IBM Jazz Reporting Service information disclosure
Summary
IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ibm
Impacted products
Vendor Product Version
IBM Jazz Reporting Service Affected: 7.0.3
    cpe:2.3:a:ibm:jazz_reporting_service:7.0.3:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T15:34:14.741492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:50.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:21.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://https://www.ibm.com/support/pages/node/7157232"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283363"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:jazz_reporting_service:7.0.3:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Jazz Reporting Service",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID:  283363."
            }
          ],
          "value": "IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID:  283363."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T13:45:31.989Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://https://www.ibm.com/support/pages/node/7157232"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283363"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Jazz Reporting Service information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-25052",
    "datePublished": "2024-06-13T13:45:31.989Z",
    "dateReserved": "2024-02-03T14:49:42.764Z",
    "dateUpdated": "2024-08-01T23:36:21.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22432 (GCVE-0-2024-22432)

Vulnerability from cvelistv5 – Published: 2024-01-25 14:53 – Updated: 2024-08-29 13:43
VLAI
Summary
Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Dell NetWorker Module for Databases and Applications - Oracle Affected: 19.9 , ≤ 19.9.0.3 (semver)
Affected: 19.8 , ≤ 19.8.0.4 (semver)
Affected: 19.7 , ≤ 19.7.0.5 (semver)
Affected: 19.7.1
Affected: 0 , < 19.7 (semver)
Create a notification for this product.
Date Public
2024-01-25 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-29T13:43:18.107077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T13:43:41.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NetWorker Module for Databases and Applications - Oracle",
          "vendor": "Dell",
          "versions": [
            {
              "lessThanOrEqual": "19.9.0.3",
              "status": "affected",
              "version": "19.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.8.0.4",
              "status": "affected",
              "version": "19.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "19.7.0.5",
              "status": "affected",
              "version": "19.7",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "19.7.1"
            },
            {
              "lessThan": "19.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-01-25T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetworker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nNetworker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T06:13:49.298Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-22432",
    "datePublished": "2024-01-25T14:53:01.205Z",
    "dateReserved": "2024-01-10T15:23:01.338Z",
    "dateUpdated": "2024-08-29T13:43:41.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22312 (GCVE-0-2024-22312)

Vulnerability from cvelistv5 – Published: 2024-02-10 15:41 – Updated: 2025-06-10 16:17
VLAI
Title
IBM Storage Defender - Resiliency Service information disclosure
Summary
IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ibm
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7115261"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278748"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22312",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T16:17:20.393151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T16:17:34.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Storage Defender - Resiliency Service",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.  IBM X-Force ID:  278748."
            }
          ],
          "value": "IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user.  IBM X-Force ID:  278748."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-10T15:41:46.345Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7115261"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278748"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Storage Defender - Resiliency Service information disclosure",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2024-22312",
    "datePublished": "2024-02-10T15:41:46.345Z",
    "dateReserved": "2024-01-08T23:41:52.506Z",
    "dateUpdated": "2025-06-10T16:17:34.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21869 (GCVE-0-2024-21869)

Vulnerability from cvelistv5 – Published: 2024-02-01 23:31 – Updated: 2025-05-15 19:51
VLAI
Title
Plaintext Storage of a Password in Rapid SCADA
Summary
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
Impacted products
Vendor Product Version
Rapid Software LLC Rapid SCADA Affected: 0 , ≤ 5.8.4 (custom)
Create a notification for this product.
Credits
Noam Moshe of Claroty Research reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rapidscada.org/contact/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:50:09.634129Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T19:51:07.596Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Rapid SCADA",
          "vendor": "Rapid Software LLC",
          "versions": [
            {
              "lessThanOrEqual": "5.8.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Noam Moshe of Claroty Research reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Rapid Software LLC\u0027s Rapid SCADA versions prior to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersion 5.8.4, t\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Rapid Software LLC\u0027s Rapid SCADA versions prior to\u00a0Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T23:31:31.897Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"
        },
        {
          "url": "https://rapidscada.org/contact/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Plaintext Storage of a Password in Rapid SCADA",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\nRapid Software did not respond to CISA\u0027s attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Rapid Software did not respond to CISA\u0027s attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-21869",
    "datePublished": "2024-02-01T23:31:31.897Z",
    "dateReserved": "2024-01-05T21:39:05.431Z",
    "dateUpdated": "2025-05-15T19:51:07.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20489 (GCVE-0-2024-20489)

Vulnerability from cvelistv5 – Published: 2024-09-11 16:39 – Updated: 2024-09-11 20:12
VLAI
Title
Cisco Routed Passive Optical Network Cleartext Password Vulnerability
Summary
A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Affected: 24.1.1
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
Create a notification for this product.
cisco ios_xr Affected: 24.1.1
Affected: 24.2.1
Affected: 24.1.2
Affected: 24.2.11
Affected: 24.3.1
    cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xr",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "24.1.1"
              },
              {
                "status": "affected",
                "version": "24.2.1"
              },
              {
                "status": "affected",
                "version": "24.1.2"
              },
              {
                "status": "affected",
                "version": "24.2.11"
              },
              {
                "status": "affected",
                "version": "24.3.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T20:04:09.480088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T20:12:26.719Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "24.1.1"
            },
            {
              "status": "affected",
              "version": "24.2.1"
            },
            {
              "status": "affected",
              "version": "24.1.2"
            },
            {
              "status": "affected",
              "version": "24.2.11"
            },
            {
              "status": "affected",
              "version": "24.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.\r\n\r\nThis vulnerability is due to improper storage of the unencrypted database credentials on the device that is running Cisco IOS XR Software. An attacker could exploit this vulnerability by accessing the configuration files on an affected system. A successful exploit could allow the attacker to view MongoDB credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "Unprotected Storage of Credentials",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T16:39:06.449Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ponctlr-ci-OHcHmsFL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxr-ponctlr-ci-OHcHmsFL",
        "defects": [
          "CSCwi81017"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Routed Passive Optical Network Cleartext Password Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20489",
    "datePublished": "2024-09-11T16:39:06.449Z",
    "dateReserved": "2023-11-08T15:08:07.685Z",
    "dateUpdated": "2024-09-11T20:12:26.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11982 (GCVE-0-2024-11982)

Vulnerability from cvelistv5 – Published: 2024-11-29 06:45 – Updated: 2024-11-29 14:22
VLAI
Title
Billion Electric router - Plaintext Storage of a Password
Summary
Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
Vendor Product Version
Billion Electric M100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M120N Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
Billion Electric M500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
Create a notification for this product.
billion_electric m100 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m150 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m120n Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*
Create a notification for this product.
billion_electric m500 Affected: 1.04.1.592.* , < 1.04.1.592.8 (custom)
Affected: 1.04.1.613.* , < 1.04.1.613.13 (custom)
Affected: 1.04.1.* < , < 1.04.1.675 (custom)
    cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-11-29 06:37
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m100",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m150",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m120n",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.*",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "m500",
            "vendor": "billion_electric",
            "versions": [
              {
                "lessThan": "1.04.1.592.8",
                "status": "affected",
                "version": "1.04.1.592.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.613.13",
                "status": "affected",
                "version": "1.04.1.613.*",
                "versionType": "custom"
              },
              {
                "lessThan": "1.04.1.675",
                "status": "affected",
                "version": "1.04.1.* \u003c",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:11:33.338160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T14:22:56.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "M100",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M150",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M120N",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "M500",
          "vendor": "Billion Electric",
          "versions": [
            {
              "lessThan": "1.04.1.592.8",
              "status": "affected",
              "version": "1.04.1.592.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.613.13",
              "status": "affected",
              "version": "1.04.1.613.*",
              "versionType": "custom"
            },
            {
              "lessThan": "1.04.1.675",
              "status": "affected",
              "version": "1.04.1.*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-11-29T06:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCertain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.\u003c/span\u003e"
            }
          ],
          "value": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T06:58:03.281Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\u003cbr\u003eFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\u003cbr\u003eFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.\u003cbr\u003e"
            }
          ],
          "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
        }
      ],
      "source": {
        "advisory": "TVN-202411027",
        "discovery": "EXTERNAL"
      },
      "title": "Billion Electric router - Plaintext Storage of a Password",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2024-11982",
    "datePublished": "2024-11-29T06:45:33.819Z",
    "dateReserved": "2024-11-29T01:52:20.686Z",
    "dateUpdated": "2024-11-29T14:22:56.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10334 (GCVE-0-2024-10334)

Vulnerability from cvelistv5 – Published: 2025-02-10 15:02 – Updated: 2025-02-12 15:44
VLAI
Title
Camera passwords stored in clear text
Summary
A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
ABB
Impacted products
Vendor Product Version
ABB System 800xA Affected: 5.1.x (custom)
Affected: 6.0.3.x (custom)
Affected: 6.1.1.x (custom)
Affected: 6.2.x (custom)
Create a notification for this product.
Date Public
2025-02-10 05:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10334",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T15:32:43.860502Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T15:44:32.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "System 800xA",
          "vendor": "ABB",
          "versions": [
            {
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.0.3.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.1.1.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "6.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-02-10T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u0026nbsp;\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.\u003c/span\u003e"
            }
          ],
          "value": "A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.\u00a0\n\nAn attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.\nThis issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NEGLIGIBLE",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-10T15:02:58.369Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=7PAA012159\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Camera passwords stored in clear text",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-10334",
    "datePublished": "2025-02-10T15:02:58.369Z",
    "dateReserved": "2024-10-24T08:42:37.599Z",
    "dateUpdated": "2025-02-12T15:44:32.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9418 (GCVE-0-2024-9418)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-10-15 12:50
VLAI
Title
Insufficiently Protected Credentials in transformeroptimus/superagi
Summary
In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Unprotected Storage of Credentials
Assigner
Impacted products
Vendor Product Version
transformeroptimus transformeroptimus/superagi Affected: unspecified , ≤ latest (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9418",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:51:18.606256Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:56:02.204Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "transformeroptimus/superagi",
          "vendor": "transformeroptimus",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user\u0027s password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256 Unprotected Storage of Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T12:50:46.781Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/9a8118a2-ea32-41f5-b501-fef4f31d8213"
        }
      ],
      "source": {
        "advisory": "9a8118a2-ea32-41f5-b501-fef4f31d8213",
        "discovery": "EXTERNAL"
      },
      "title": "Insufficiently Protected Credentials in transformeroptimus/superagi"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-9418",
    "datePublished": "2025-03-20T10:09:21.583Z",
    "dateReserved": "2024-10-01T19:08:42.452Z",
    "dateUpdated": "2025-10-15T12:50:46.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6118 (GCVE-0-2024-6118)

Vulnerability from cvelistv5 – Published: 2024-08-05 04:21 – Updated: 2024-08-05 14:34
VLAI
Title
Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password
Summary
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-256 - Plaintext Storage of a Password
Assigner
References
URL Tags
https://zuso.ai/advisory/za-2024-03 third-party-advisory
Impacted products
Vendor Product Version
Hamastar Technology MeetingHub Paperless Meetings Affected: 2021 (custom)
Create a notification for this product.
hamastar meetinghub_paperless_meetings Affected: 2021
    cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-05 04:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hamastar:meetinghub_paperless_meetings:2021:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "meetinghub_paperless_meetings",
            "vendor": "hamastar",
            "versions": [
              {
                "status": "affected",
                "version": "2021"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T14:33:06.565028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:34:57.112Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "MeetingHub Paperless Meetings",
          "vendor": "Hamastar Technology",
          "versions": [
            {
              "status": "affected",
              "version": "2021",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-08-05T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file.\u003c/span\u003e"
            }
          ],
          "value": "A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users\u2019 credentials and gain access to the product via an XML file."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-256",
              "description": "CWE-256: Plaintext Storage of a Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-05T04:21:23.711Z",
        "orgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
        "shortName": "ZUSO ART"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://zuso.ai/advisory/za-2024-03"
        }
      ],
      "source": {
        "defect": [
          "ZA-2024-03"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "256c161b-b921-402b-8c3b-c6c9c14d5d88",
    "assignerShortName": "ZUSO ART",
    "cveId": "CVE-2024-6118",
    "datePublished": "2024-08-05T04:21:23.711Z",
    "dateReserved": "2024-06-18T06:34:22.212Z",
    "dateUpdated": "2024-08-05T14:34:57.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Avoid storing passwords in easily accessible locations.

Mitigation
Architecture and Design

Consider storing cryptographic hashes of passwords as an alternative to storing in plaintext.

Mitigation

A programmer might attempt to remedy the password management problem by obscuring the password with an encoding function, such as base 64 encoding, but this effort does not adequately protect the password because the encoding can be detected and decoded easily.

No CAPEC attack patterns related to this CWE.