CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVE-2014-0755 (GCVE-0-2014-0755)
Vulnerability from cvelistv5
Published
2014-02-05 02:00
Modified
2025-09-19 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90981 | vdb-entry, x_refsource_XF | |
| https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01 | ||
| http://osvdb.org/102858 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/65337 | vdb-entry, x_refsource_BID | |
| https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | RSLogix 5000 software |
Version: V7 < Version: V7 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rslogix-cve20140755-info-disc(90981)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
},
{
"name": "102858",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102858"
},
{
"name": "65337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RSLogix 5000 software",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "V20.01",
"status": "affected",
"version": "V7",
"versionType": "custom"
},
{
"lessThanOrEqual": "V21.0",
"status": "affected",
"version": "V7",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "V20.03"
},
{
"status": "unaffected",
"version": "V21.03"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stephen Dunlap"
}
],
"datePublic": "2014-02-04T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.\u003c/p\u003e"
}
],
"value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T18:46:05.180Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "rslogix-cve20140755-info-disc(90981)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-021-01"
},
{
"name": "102858",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102858"
},
{
"name": "65337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65337"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccording to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\u003c/p\u003e\n\u003cp\u003eProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\u003c/p\u003e\n\u003cp\u003eIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\u003c/p\u003e\u003cp\u003eFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204\u003c/a\u003e\u0026nbsp;.\u003c/p\u003e\n\u003cp\u003eIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eWhere possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\u003c/li\u003e\n\u003cli\u003eWhere possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\u003c/li\u003e\n\u003cli\u003eWhere possible, restrict physical and network access to controllers \ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. \nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\u003c/li\u003e\n\u003cli\u003eWhere possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\u003c/li\u003e\n\u003cli\u003eWhere possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102\u003c/a\u003e, \nWeb site last accessed February 04, 2014. for new and relevant \ninformation relating to this and other security-related matters.\u003c/p\u003e\n\u003cp\u003eFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.rockwellautomation.com/solutions/security\"\u003ehttp://www.rockwellautomation.com/solutions/security\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "According to Rockwell Automation, new RSLogix 5000 versions, V20.03 \nand V21.03, have been released that address this vulnerability. These \nreleases include mitigations that enhance password protection.\n\n\nProject files created in earlier affected RSLogix 5000 versions of \nsoftware must be opened, resaved, and then downloaded to the appropriate\n controller to mitigate the risk associated with this discovered \nvulnerability.\n\n\nIMPORTANT: Files with protected content that have been opened and \nupdate using enhanced software will no longer be compatible with earlier\n versions of RSLogix 5000 software. For example, a V20.01 project file \nwith protected content that has been opened and resaved using V20.03 \nsoftware can only be opened with V20.03 and higher versions of software.\n Also, a V21.00 project file with protected content that has been opened\n and resaved using V21.03 software can only be opened with V21.03 and \nhigher versions of software.\n\nFor the procedure to update project files, please refer to Rockwell Automation Knowledgebase AID:565204 available here:\u00a0 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/565204 \u00a0.\n\n\nIn addition to using current RSLogix 5000 software, Rockwell \nAutomation also recommends the following actions to all concerned \ncustomers:\n\n\n\n * Where possible, adopt a practice to track creation and distribution \nof protected ACD files, including duplicates and derivatives that \ncontain protected content in the event that these files may need to be \nfound or potentially disposed of in the future.\n\n * Where possible, securely archive protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, store protected ACD files in physical and logical \nlocations where access can be controlled and the files are stored in a \nprotected, potentially encrypted manner.\n\n * Where possible, securely transmit protected ACD files or those that \ncontain protected content in a manner that prevents unauthorized access.\n For instance, email protected ACD files only to known recipients and \nencrypted the files such that only the target recipient can decrypt the \ncontent.\n\n * Where possible, restrict physical and network access to controllers \ncontaining protected content only to authorized parties in order to help\n prevent unauthorized uploading of protected material into an ACD file. \nFor some customers, FactoryTalk Security software may be a suitable \noption to assist customers with applying a Role-based Access Control \n(RBAC) solution to their system. FactoryTalk Security was integrated \ninto RSLogix 5000 Version 10.00.\n\n * Where possible, use a unique and complex password for each routine \nor Add-On Instruction desirable to protect, so as to reduce the risk \nthat multiple files and protected content could be compromised, should a\n single password become learned.\n\n * Where possible, adopt a password management practice to periodically\n change passwords applied to routines and Add-On Instructions to help \nmitigate the risk that a learned password may remain usable for an \nextended period of time or indefinitely.\n\n\n\n\nRockwell Automation encourages their customers to subscribe to \nRockwell Automation\u2019s Security Advisory Index (AID:54102)Rockwell \nAutomation Knowledgebase AID:54102, \n https://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 , \nWeb site last accessed February 04, 2014. for new and relevant \ninformation relating to this and other security-related matters.\n\n\nFor more information and for assistance with assessing the state of \nsecurity of your existing control system, including improving your \nsystem-level security when using Rockwell Automation and other vendor \ncontrols products, you can visit the Rockwell Automation Security \nSolutions Web site at \n http://www.rockwellautomation.com/solutions/security ."
}
],
"source": {
"advisory": "ICSA-14-021-01",
"discovery": "EXTERNAL"
},
"title": "Rockwell RSLogix 5000 Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rslogix-cve20140755-info-disc(90981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90981"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01"
},
{
"name": "102858",
"refsource": "OSVDB",
"url": "http://osvdb.org/102858"
},
{
"name": "65337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0755",
"datePublished": "2014-02-05T02:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T18:46:05.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12511 (GCVE-0-2024-12511)
Vulnerability from cvelistv5
Published
2025-02-03 19:23
Modified
2025-09-17 11:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Xerox | Versalink B400 |
Version: 0 < 37.82.53 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T20:18:28.894076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T20:18:36.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B400",
"vendor": "Xerox",
"versions": [
{
"lessThan": "37.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B405",
"vendor": "Xerox",
"versions": [
{
"lessThan": "38.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C400",
"vendor": "Xerox",
"versions": [
{
"lessThan": "67.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C405",
"vendor": "Xerox",
"versions": [
{
"lessThan": "68.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B600/B610",
"vendor": "Xerox",
"versions": [
{
"lessThan": "32.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B605/B615",
"vendor": "Xerox",
"versions": [
{
"lessThan": "33.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C500/C600",
"vendor": "Xerox",
"versions": [
{
"lessThan": "61.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C505/C605",
"vendor": "Xerox",
"versions": [
{
"lessThan": "62.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7000",
"vendor": "Xerox",
"versions": [
{
"lessThan": "56.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7020/C7025/C7030",
"vendor": "Xerox",
"versions": [
{
"lessThan": "57.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B7025/B7030/B7035",
"vendor": "Xerox",
"versions": [
{
"lessThan": "58.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B7125/B7130/B7135",
"vendor": "Xerox",
"versions": [
{
"lessThan": "59.24.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7120/C7125/C7130",
"vendor": "Xerox",
"versions": [
{
"lessThan": "69.24.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C8000/C9000",
"vendor": "Xerox",
"versions": [
{
"lessThan": "70.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C8000W",
"vendor": "Xerox",
"versions": [
{
"lessThan": "72.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Phaser 6510",
"vendor": "Xerox",
"versions": [
{
"lessThan": "64.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WorkCentre 6515",
"vendor": "Xerox",
"versions": [
{
"lessThan": "65.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-03T18:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."
}
],
"value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593: Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T11:09:16.202Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SMB/FTP Address Book Scan Pass-back attack",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-12511",
"datePublished": "2025-02-03T19:23:52.125Z",
"dateReserved": "2024-12-11T13:24:57.952Z",
"dateUpdated": "2025-09-17T11:09:16.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23306 (GCVE-0-2024-23306)
Vulnerability from cvelistv5
Published
2024-02-14 16:30
Modified
2025-08-28 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
| ▼ | URL | Tags |
|---|---|---|
| https://my.f5.com/manage/s/article/K000137886 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | F5 | BIG-IP Next SPK |
Version: 1.3.0 < 1.5.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:31:33.169264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:11.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000137886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "BIG-IP Next SPK",
"vendor": "F5",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "BIG-IP Next CNF",
"vendor": "F5",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.\u003c/span\u003e\u0026nbsp; Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"value": "A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T19:17:40.190Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000137886"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP Next CNF \u0026 SPK vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-23306",
"datePublished": "2024-02-14T16:30:23.515Z",
"dateReserved": "2024-02-01T22:13:58.485Z",
"dateUpdated": "2025-08-28T19:17:40.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41770 (GCVE-0-2024-41770)
Vulnerability from cvelistv5
Published
2025-03-03 15:28
Modified
2025-09-01 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7184663 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Management DOORS Next |
Version: 7.0.2 Version: 7.0.3 Version: 7.1 cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:05:34.410184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:05:46.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Requirements Management DOORS Next",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
}
],
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:11:25.136Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7184663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Requirements Management DOORS Next information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41770",
"datePublished": "2025-03-03T15:28:57.065Z",
"dateReserved": "2024-07-22T12:02:59.128Z",
"dateUpdated": "2025-09-01T01:11:25.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41771 (GCVE-0-2024-41771)
Vulnerability from cvelistv5
Published
2025-03-03 15:29
Modified
2025-09-01 01:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7184663 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Engineering Requirements Management DOORS Next |
Version: 7.0.2 Version: 7.0.3 Version: 7.1 cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T19:00:56.359534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T19:01:10.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:engineering_requirements_management_doors:7.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Engineering Requirements Management DOORS Next",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
}
],
"value": "IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:11:58.234Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7184663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Engineering Requirements Management DOORS Next information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41771",
"datePublished": "2025-03-03T15:29:14.503Z",
"dateReserved": "2024-07-22T12:02:59.128Z",
"dateUpdated": "2025-09-01T01:11:58.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47109 (GCVE-0-2024-47109)
Vulnerability from cvelistv5
Published
2025-03-10 16:01
Modified
2025-09-01 01:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7185259 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Sterling File Gateway |
Version: 6.0.0.0 ≤ 6.1.2.6 Version: 6.2.0.0 ≤ 6.2.0.3 cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T17:01:22.267512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:06:31.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_file_gateway:6.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:sterling_file_gateway:6.2.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling File Gateway",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.3",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system."
}
],
"value": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 UI could disclosure the installation path of the server which could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:08:12.240Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185259"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling File Gateway information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-47109",
"datePublished": "2025-03-10T16:01:42.848Z",
"dateReserved": "2024-09-18T19:26:44.572Z",
"dateUpdated": "2025-09-01T01:08:12.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49364 (GCVE-0-2024-49364)
Vulnerability from cvelistv5
Published
2025-07-01 02:07
Modified
2025-07-01 13:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one). This issue has been patched in version 1.1.7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc | x_refsource_CONFIRM | |
| https://github.com/bitcoinjs/tiny-secp256k1/pull/140 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bitcoinjs | tiny-secp256k1 |
Version: < 1.1.7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:16:31.667933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:16:57.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tiny-secp256k1",
"vendor": "bitcoinjs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require(\u0027buffer\u0027) is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one). This issue has been patched in version 1.1.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T02:07:06.631Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bitcoinjs/tiny-secp256k1/security/advisories/GHSA-7mc2-6phr-23xc"
},
{
"name": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bitcoinjs/tiny-secp256k1/pull/140"
}
],
"source": {
"advisory": "GHSA-7mc2-6phr-23xc",
"discovery": "UNKNOWN"
},
"title": "tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49364",
"datePublished": "2025-07-01T02:07:06.631Z",
"dateReserved": "2024-10-14T13:56:34.810Z",
"dateUpdated": "2025-07-01T13:16:57.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10360 (GCVE-0-2025-10360)
Vulnerability from cvelistv5
Published
2025-09-24 15:49
Modified
2025-09-24 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Perforce | Puppet Enterprise |
Version: 2025.4 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T16:11:54.833079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T16:12:48.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Puppet Enterprise",
"vendor": "Perforce",
"versions": [
{
"lessThanOrEqual": "2025.5",
"status": "affected",
"version": "2025.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-24T15:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account.\u0026nbsp;This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can\u0027t update to the latest version."
}
],
"value": "In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account.\u00a0This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can\u0027t update to the latest version."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:49:47.210Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-10360",
"datePublished": "2025-09-24T15:49:47.210Z",
"dateReserved": "2025-09-12T12:51:13.662Z",
"dateUpdated": "2025-09-24T16:12:48.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10879 (GCVE-0-2025-10879)
Vulnerability from cvelistv5
Published
2025-09-25 16:31
Modified
2025-09-25 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01 | government-resource |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T17:20:23.650320Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T19:34:14.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DT-R002",
"vendor": "Dingtian",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicolas Cano and Reid Wightman of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAll versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user\u0027s username without authentication.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user\u0027s username without authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T16:31:26.280Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDingtian has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Dingtian DT-R002 are invited to contact Dingtian \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_us\"\u003ecustomer support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dingtian has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Dingtian DT-R002 are invited to contact Dingtian customer support https://www.dingtian-tech.com/en_us/aboutus.html \u00a0for additional information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials in Dingtian DT-R002",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe researchers recommend the following to help reduce risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRestrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001).\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "The researchers recommend the following to help reduce risk:\n\n * Restrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001)."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-10879",
"datePublished": "2025-09-25T16:31:26.280Z",
"dateReserved": "2025-09-23T15:29:31.895Z",
"dateUpdated": "2025-09-25T19:34:14.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10880 (GCVE-0-2025-10880)
Vulnerability from cvelistv5
Published
2025-09-25 16:32
Modified
2025-09-25 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending an unauthenticated GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01 | government-resource |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T17:49:25.378487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T18:07:06.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DT-R002",
"vendor": "Dingtian",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicolas Cano and Reid Wightman of Dragos"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eAll versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary \"Dingtian Binary\" protocol password by sending an unauthenticated GET request.\u003c/p\u003e"
}
],
"value": "All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary \"Dingtian Binary\" protocol password by sending an unauthenticated GET request."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T16:47:53.136Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-268-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDingtian has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Dingtian DT-R002 are invited to contact Dingtian \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_us\"\u003ecustomer support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Dingtian has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of Dingtian DT-R002 are invited to contact Dingtian customer support https://www.dingtian-tech.com/en_us/aboutus.html \u00a0for additional information."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials in Dingtian DT-R002",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe researchers recommend the following to help reduce risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRestrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001).\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "The researchers recommend the following to help reduce risk:\n\n * Restrict access to HTTP (TCP/80), and the Dingtian Protocol on (UDP/60000) and (UDP/60001)."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-10880",
"datePublished": "2025-09-25T16:32:17.981Z",
"dateReserved": "2025-09-23T15:29:33.138Z",
"dateUpdated": "2025-09-25T18:07:06.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Use an appropriate security mechanism to protect the credentials.
Mitigation
Phase: Architecture and Design
Description:
- Make appropriate use of cryptography to protect the credentials.
Mitigation
Phase: Implementation
Description:
- Use industry standards to protect the credentials (e.g. LDAP, keystore, etc.).
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-474: Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.
CAPEC-509: Kerberoasting
Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it disk, the adversary can brute force the hashed value to reveal the target account credentials.
CAPEC-551: Modify Existing Service
When an operating system starts, it also starts programs called services or daemons. Modifying existing services may break existing services or may enable services that are disabled/not commonly used.
CAPEC-555: Remote Services with Stolen Credentials
This pattern of attack involves an adversary that uses stolen credentials to leverage remote services such as RDP, telnet, SSH, and VNC to log into a system. Once access is gained, any number of malicious activities could be performed.
CAPEC-560: Use of Known Domain Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate credentials (e.g. userID/password) to achieve authentication and to perform authorized actions under the guise of an authenticated user or service.
CAPEC-561: Windows Admin Shares with Stolen Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate Windows administrator credentials (e.g. userID/password) to access Windows Admin Shares on a local machine or within a Windows domain.
CAPEC-600: Credential Stuffing
An adversary tries known username/password combinations against different systems, applications, or services to gain additional authenticated access. Credential Stuffing attacks rely upon the fact that many users leverage the same username/password combination for multiple systems, applications, and services.
CAPEC-644: Use of Captured Hashes (Pass The Hash)
An adversary obtains (i.e. steals or purchases) legitimate Windows domain credential hash values to access systems within the domain that leverage the Lan Man (LM) and/or NT Lan Man (NTLM) authentication protocols.
CAPEC-645: Use of Captured Tickets (Pass The Ticket)
An adversary uses stolen Kerberos tickets to access systems/resources that leverage the Kerberos authentication protocol. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. An adversary can obtain any one of these tickets (e.g. Service Ticket, Ticket Granting Ticket, Silver Ticket, or Golden Ticket) to authenticate to a system/resource without needing the account's credentials. Depending on the ticket obtained, the adversary may be able to access a particular resource or generate TGTs for any account within an Active Directory Domain.
CAPEC-652: Use of Known Kerberos Credentials
An adversary obtains (i.e. steals or purchases) legitimate Kerberos credentials (e.g. Kerberos service account userID/password or Kerberos Tickets) with the goal of achieving authenticated access to additional systems, applications, or services within the domain.
CAPEC-653: Use of Known Operating System Credentials
An adversary guesses or obtains (i.e. steals or purchases) legitimate operating system credentials (e.g. userID/password) to achieve authentication and to perform authorized actions on the system, under the guise of an authenticated user or service. This applies to any Operating System.