CVE-2020-10919

MEDIUM Year: 2020
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-261
View all →

Vulnerability Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

Related Vulnerabilities

CVE-2024-8455

MEDIUM
CVSS:5.9(Medium)

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user pa...

CWE-2612024

CVE-2024-23492

MEDIUM
CVSS:5.7(Medium)

A weak encoding is used to transmit credentials for WS203VICM.

CWE-2612024

CVE-2024-34542

MEDIUM
CVSS:5.7(Medium)

Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.

CWE-2612024

CVE-2024-37187

MEDIUM
CVSS:5.7(Medium)

Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.

CWE-2612024

CVE-2013-1053

MEDIUM
CVSS:5.5(Medium)

In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the ...

CWE-2612013

CVE-2024-34113

MEDIUM
CVSS:5.5(Medium)

ColdFusion versions 2023u7, 2021u13 and earlier are affected by a Weak Cryptography for Passwords vulnerability that could result in a security feature bypass. This vulnerability arises due to the use...

CWE-2612024