CVE-2023-6409

HIGH Year: 2023
CVSS v3 Score
7.7
High
Weakness Type
CWE-798
View all →

Vulnerability Description

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert.

Related Vulnerabilities

CVE-2019-1688

HIGH
CVSS:7.7(High)

A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) co...

CWE-7982019

CVE-2023-39421

HIGH
CVSS:7.7(High)

The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted intera...

CWE-7982023

CVE-2025-48413

HIGH
CVSS:7.7(High)

The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or ...

CWE-7982025

CVE-2006-7142

HIGH
CVSS:7.8(High)

The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from ...

CWE-7982006

CVE-2010-2772

HIGH
CVSS:7.8(High)

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stu...

CWE-7982010

CVE-2016-2948

HIGH
CVSS:7.8(High)

IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors.

CWE-7982016