CVE-2020-14481

HIGH Year: 2020
CVSS v3 Score
7.8
High
CVSS v2 Score
2.1
Low
Weakness Type
CWE-261
View all →

Vulnerability Description

The DeskLock tool provided with FactoryTalk View SE uses a weak encryption algorithm that may allow a local, authenticated attacker to decipher user credentials, including the Windows user or Windows DeskLock passwords. If the compromised user has an administrative account, an attacker could gain full access to the user’s operating system and certain components of FactoryTalk View SE.

Related Vulnerabilities

CVE-2022-45099

HIGH
CVSS:7.8(High)

Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full syst...

CWE-2612022

CVE-2024-45273

HIGH
CVSS:7.8(High)

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CWE-2612024

CVE-2024-45394

HIGH
CVSS:7.8(High)

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVP...

CWE-2612024

CVE-2022-38469

HIGH
CVSS:7.5(High)

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

CWE-2612022

CVE-2023-0356

HIGH
CVSS:7.5(High)

SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.

CWE-2612023

CVE-2023-0525

HIGH
CVSS:7.5(High)

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.0...

CWE-2612023