CVE-2024-57811

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-798
View all →

Vulnerability Description

In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.

Related Vulnerabilities

CVE-2008-2369

CRITICAL
CVSS:9.1(Critical)

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user acc...

CWE-7982008

CVE-2013-10002

CRITICAL
CVSS:9.1(Critical)

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwin...

CWE-7982013

CVE-2016-8491

CRITICAL
CVSS:9.1(Critical)

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.

CWE-7982016

CVE-2017-11693

CRITICAL
CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate d...

CWE-7982017

CVE-2017-11694

CRITICAL
CVSS:9.1(Critical)

MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directl...

CWE-7982017

CVE-2017-9656

CRITICAL
CVSS:9.1(Critical)

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, in...

CWE-7982017