CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
GHSA-PC64-X6MJ-QCJF
Vulnerability from github – Published: 2025-10-06 21:30 – Updated: 2025-10-06 21:30The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.
{
"affected": [],
"aliases": [
"CVE-2025-59450"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T20:15:36Z",
"severity": "MODERATE"
},
"details": "The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.",
"id": "GHSA-pc64-x6mj-qcjf",
"modified": "2025-10-06T21:30:45Z",
"published": "2025-10-06T21:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59450"
},
{
"type": "WEB",
"url": "https://bishopfox.com/blog/advisories"
},
{
"type": "WEB",
"url": "https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home"
},
{
"type": "WEB",
"url": "https://shop.yosmart.com/pages/product-support"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PCJ5-C4V2-HQ4G
Vulnerability from github – Published: 2024-09-20 18:32 – Updated: 2024-09-20 18:32A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.
{
"affected": [],
"aliases": [
"CVE-2024-9040"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-313"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-20T17:15:15Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.",
"id": "GHSA-pcj5-c4v2-hq4g",
"modified": "2024-09-20T18:32:27Z",
"published": "2024-09-20T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9040"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.278211"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.278211"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PCWW-RHXJ-J3MJ
Vulnerability from github – Published: 2025-07-16 15:32 – Updated: 2025-07-29 18:30Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.
{
"affected": [],
"aliases": [
"CVE-2025-32353"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T15:15:26Z",
"severity": "MODERATE"
},
"details": "Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.",
"id": "GHSA-pcww-rhxj-j3mj",
"modified": "2025-07-29T18:30:30Z",
"published": "2025-07-16T15:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32353"
},
{
"type": "WEB",
"url": "https://codykretsinger.com"
},
{
"type": "WEB",
"url": "https://galacticadvisors.com"
},
{
"type": "WEB",
"url": "https://www.galacticadvisors.com/release/critical-vulnerabilities-in-network-detective"
},
{
"type": "WEB",
"url": "https://www.galacticadvisors.com/release/cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PF56-W9MV-33WC
Vulnerability from github – Published: 2026-02-10 06:30 – Updated: 2026-02-17 15:31In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.
{
"affected": [],
"aliases": [
"CVE-2026-24319"
],
"database_specific": {
"cwe_ids": [
"CWE-312",
"CWE-316"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T04:16:03Z",
"severity": "MODERATE"
},
"details": "In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.",
"id": "GHSA-pf56-w9mv-33wc",
"modified": "2026-02-17T15:31:33Z",
"published": "2026-02-10T06:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24319"
},
{
"type": "WEB",
"url": "https://me.sap.com/notes/3679346"
},
{
"type": "WEB",
"url": "https://url.sap/sapsecuritypatchday"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PFCX-MQ53-XRFF
Vulnerability from github – Published: 2023-01-05 18:30 – Updated: 2023-01-11 21:30IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.
{
"affected": [],
"aliases": [
"CVE-2022-41740"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-05T18:15:00Z",
"severity": "MODERATE"
},
"details": "IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.",
"id": "GHSA-pfcx-mq53-xrff",
"modified": "2023-01-11T21:30:41Z",
"published": "2023-01-05T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41740"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238053"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6852657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PG36-9C99-FH6W
Vulnerability from github – Published: 2025-12-10 21:31 – Updated: 2025-12-17 18:31MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
{
"affected": [],
"aliases": [
"CVE-2025-34428"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T19:16:13Z",
"severity": "MODERATE"
},
"details": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.",
"id": "GHSA-pg36-9c99-fh6w",
"modified": "2025-12-17T18:31:32Z",
"published": "2025-12-10T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34428"
},
{
"type": "WEB",
"url": "https://mailenable.com/Standard-ReleaseNotes.txt"
},
{
"type": "WEB",
"url": "https://www.mailenable.com"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in-auth-sav"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PGR3-8QX7-6J82
Vulnerability from github – Published: 2022-05-02 03:25 – Updated: 2025-04-09 04:09Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.
{
"affected": [],
"aliases": [
"CVE-2009-1466"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-05-14T17:30:00Z",
"severity": "LOW"
},
"details": "Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.",
"id": "GHSA-pgr3-8qx7-6j82",
"modified": "2025-04-09T04:09:47Z",
"published": "2022-05-02T03:25:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1466"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50590"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1022204"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/503434/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/34911"
},
{
"type": "WEB",
"url": "http://www.syhunt.com/advisories/?id=aas-multiple"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PHJ8-4CQ3-794G
Vulnerability from github – Published: 2021-07-01 17:02 – Updated: 2021-09-01 19:32Impact
The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies.
Note: the documentation does point this out and encourage users to add an encryption key, but it is not mandatory.
For this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies.
The proposed change is to change the default behaviour to use a randomly generated encryption key. This would mean that sessions do not survive app restarts, but this is already the behaviour given the random signing key.
Patches
As of version 1.9.0, a securely randomly generated signing key is used.
Workarounds
Supply an encryption key, as per the documentation recommendation.
References
- https://github.com/ratpack/ratpack/pull/1590
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.ratpack:ratpack-session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29481"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-30T17:48:41Z",
"nvd_published_at": "2021-06-29T19:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies.\n\nNote: the documentation does point this out and encourage users to add an encryption key, but it is not mandatory.\n\nFor this to be a vulnerability, some kind of sensitive data would need to be stored in the session and the session cookie would have to leak. For example, the cookies are not configured with httpOnly and an adjacent XSS vulnerability within the site allowed capture of the cookies.\n\nThe proposed change is to change the default behaviour to use a randomly generated encryption key. This would mean that sessions do not survive app restarts, but this is already the behaviour given the random signing key.\n\n### Patches\n\nAs of version 1.9.0, a securely randomly generated signing key is used.\n\n### Workarounds\n\nSupply an encryption key, as per the documentation recommendation.\n\n### References\n\n- https://github.com/ratpack/ratpack/pull/1590\n",
"id": "GHSA-phj8-4cq3-794g",
"modified": "2021-09-01T19:32:49Z",
"published": "2021-07-01T17:02:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-phj8-4cq3-794g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29481"
},
{
"type": "WEB",
"url": "https://github.com/ratpack/ratpack/pull/1590"
},
{
"type": "PACKAGE",
"url": "https://github.com/ratpack/ratpack"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Unencrypted storage of client side sessions"
}
GHSA-PHXR-GGJ2-VCH6
Vulnerability from github – Published: 2024-06-20 15:31 – Updated: 2025-11-04 18:31The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format. In some cases, this can potentially compromise the confidentiality of the scan results. Several credentials were found in the JAR files of the Kiuwan Local Analyzer.
The JAR file "lib.engine/insight/optimyth-insight.jar" contains the file "InsightServicesConfig.properties", which has the configuration tokens "insight.github.user" as well as "insight.github.password" prefilled with credentials. At least the specified username corresponds to a valid GitHub account. The JAR file "lib.engine/insight/optimyth-insight.jar" also contains the file "es/als/security/Encryptor.properties", in which the key used for encrypting the results of any performed scan.
This issue affects Kiuwan SAST: <master.1808.p685.q13371
{
"affected": [],
"aliases": [
"CVE-2023-49113"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T13:15:49Z",
"severity": "HIGH"
},
"details": "The Kiuwan Local Analyzer (KLA) Java scanning application contains several \nhard-coded secrets in plain text format. In some cases, this can \npotentially compromise the confidentiality of the scan results.\u00a0Several credentials were found in the JAR files of the Kiuwan Local Analyzer.\n\nThe\n JAR file \"lib.engine/insight/optimyth-insight.jar\" contains the file \n\"InsightServicesConfig.properties\", which has the configuration tokens \n\"insight.github.user\" as well as \"insight.github.password\" prefilled \nwith credentials. At least the specified username corresponds to a valid\n GitHub account.\u00a0The\n JAR file \"lib.engine/insight/optimyth-insight.jar\" also contains the \nfile \"es/als/security/Encryptor.properties\", in which the key used for \nencrypting the results of any performed scan.\n\n\n\n\nThis issue affects Kiuwan SAST: \u003cmaster.1808.p685.q13371",
"id": "GHSA-phxr-ggj2-vch6",
"modified": "2025-11-04T18:31:01Z",
"published": "2024-06-20T15:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49113"
},
{
"type": "WEB",
"url": "https://r.sec-consult.com/kiuwan"
},
{
"type": "WEB",
"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jun/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PJ3X-FJC7-82G7
Vulnerability from github – Published: 2025-02-11 12:30 – Updated: 2025-02-11 12:30A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device.
{
"affected": [],
"aliases": [
"CVE-2024-53651"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-11T11:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device.",
"id": "GHSA-pj3x-fjc7-82g7",
"modified": "2025-02-11T12:30:54Z",
"published": "2025-02-11T12:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53651"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-111547.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.