CWE-321
AllowedUse of Hard-coded Cryptographic Key
Abstraction: Variant · Status: Draft
The product uses a hard-coded, unchangeable cryptographic key.
503 vulnerabilities reference this CWE, most recent first.
CVE-2016-9335 (GCVE-0-2016-9335)
Vulnerability from cvelistv5 – Published: 2018-05-09 13:00 – Updated: 2024-09-16 19:04- CWE-321 - Use of hard-coded cryptographic key CWE-321
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Lion Controls | Sixnet-Managed Industrial Switches |
Affected:
firmware Version 5.0.196 and prior
|
|
| AutomationDirect | STRIDE-Managed Ethernet Switch models |
Affected:
firmware Version 5.0.190 and prior.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Sixnet-Managed Industrial Switches",
"vendor": "Red Lion Controls",
"versions": [
{
"status": "affected",
"version": "firmware Version 5.0.196 and prior"
}
]
},
{
"product": "STRIDE-Managed Ethernet Switch models",
"vendor": "AutomationDirect",
"versions": [
{
"status": "affected",
"version": "firmware Version 5.0.190 and prior."
}
]
}
],
"datePublic": "2017-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-09T12:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-02-23T00:00:00",
"ID": "CVE-2016-9335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sixnet-Managed Industrial Switches",
"version": {
"version_data": [
{
"version_value": "firmware Version 5.0.196 and prior"
}
]
}
}
]
},
"vendor_name": "Red Lion Controls"
},
{
"product": {
"product_data": [
{
"product_name": "STRIDE-Managed Ethernet Switch models",
"version": {
"version_data": [
{
"version_value": "firmware Version 5.0.190 and prior."
}
]
}
}
]
},
"vendor_name": "AutomationDirect"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded cryptographic key CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9335",
"datePublished": "2018-05-09T13:00:00.000Z",
"dateReserved": "2016-11-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:04:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-10148 (GCVE-0-2015-10148)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:42 – Updated: 2026-05-25 23:40- CWE-321 - Use of Hard-coded Cryptographic Key
| URL | Tags |
|---|---|
| https://assets.belden.com/m/76d31798e65c9f47/orig… | vendor-advisory |
| https://www.vulncheck.com/advisories/hirschmann-h… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Belden | Hirschmann HiLCOS |
Affected:
9.00 , ≤ 9.00-RU1
(custom)
Affected: 0 , ≤ 8.80 (custom) Unaffected: 9.10 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-10148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T13:11:11.390412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T13:11:22.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Hirschmann HiLCOS",
"vendor": "Belden",
"versions": [
{
"lessThanOrEqual": "9.00-RU1",
"status": "affected",
"version": "9.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.80",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "9.10",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-12-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical default SSH and SSL keys that cannot be changed, allowing unauthenticated remote attackers to decrypt or intercept encrypted management communications. Attackers can perform man-in-the-middle attacks, impersonate devices, and expose sensitive information by leveraging the shared default cryptographic keys across multiple devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:40:54.918Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://assets.belden.com/m/76d31798e65c9f47/original/Security-Bulletin-SSH-SSL-Default-Keys-HiLCOS-Hirschmann-BSECV-2015-12.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/hirschmann-hilcos-hard-coded-credentials-ssh-ssl-keys"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hirschmann HiLCOS Hard-coded Credentials SSH SSL Keys"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2015-10148",
"datePublished": "2026-04-03T21:42:51.401Z",
"dateReserved": "2026-04-03T21:32:33.851Z",
"dateUpdated": "2026-05-25T23:40:54.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5419 (GCVE-0-2014-5419)
Vulnerability from cvelistv5 – Published: 2015-01-17 02:00 – Updated: 2025-11-04 23:32| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.gedigitalenergy.com/products/support/m… | x_refsource_CONFIRM |
| https://github.com/cisagov/CSAF/blob/develop/csaf… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| GE | Multilink ML800/1200/1600/2400 |
Affected:
0 , ≤ 4.2.1
(custom)
|
|
| GE | ML810/3000/3100 series switch |
Affected:
0 , ≤ 5.2.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Multilink ML800/1200/1600/2400",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ML810/3000/3100 series switch",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "5.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eireann Leverett of IOActive"
}
],
"datePublic": "2015-01-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nGE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers\u0027 installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.\n\n\u003c/p\u003e"
}
],
"value": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers\u0027 installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T23:32:07.026Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-013-04a.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGE recommends users update switch firmware to the \nlatest published version to resolve these vulnerabilities. The new \nfirmware will enable new keys to be calculated and exchanged, resolve \nthe slow data transfer and potential denial of service, and prevent the identified \ncross-site scripting vulnerabilities. The latest firmware is Version \n5.3.2 for the ML800, ML1200, ML1600 and ML2400 and Version 5.3.2-3K for \nthe ML810, ML3000, and ML3100. This firmware is available through the \n\u201cResources/Software\u201d link in the product web sites at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.gedigitalenergy.com\"\u003ehttp://www.gedigitalenergy.com\u003c/a\u003e. This firmware is also available through \nthe EnerVista Launchpad device management tool.\u003c/p\u003e\n\u003cp\u003eGE recommends updating the switch over a serial connection to prevent an attacker from capturing the new key.\u003c/p\u003e\n\u003cp\u003ePlease refer to the GE advisory for specific information on how to \ninstall the firmware and change RSA key. The GE advisory is available \nat:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf\"\u003ehttps://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "GE recommends users update switch firmware to the \nlatest published version to resolve these vulnerabilities. The new \nfirmware will enable new keys to be calculated and exchanged, resolve \nthe slow data transfer and potential denial of service, and prevent the identified \ncross-site scripting vulnerabilities. The latest firmware is Version \n5.3.2 for the ML800, ML1200, ML1600 and ML2400 and Version 5.3.2-3K for \nthe ML810, ML3000, and ML3100. This firmware is available through the \n\u201cResources/Software\u201d link in the product web sites at \n http://www.gedigitalenergy.com . This firmware is also available through \nthe EnerVista Launchpad device management tool.\n\n\nGE recommends updating the switch over a serial connection to prevent an attacker from capturing the new key.\n\n\nPlease refer to the GE advisory for specific information on how to \ninstall the firmware and change RSA key. The GE advisory is available \nat:\n\n\n https://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf"
}
],
"source": {
"advisory": "ICSA-15-013-04",
"discovery": "EXTERNAL"
},
"title": "GE Multilink Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04"
},
{
"name": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf",
"refsource": "CONFIRM",
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5419",
"datePublished": "2015-01-17T02:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2025-11-04T23:32:07.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-5403 (GCVE-0-2014-5403)
Vulnerability from cvelistv5 – Published: 2015-04-03 10:00 – Updated: 2025-11-03 18:22| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| https://github.com/cisagov/CSAF/blob/develop/csaf… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03 | x_refsource_MISCx_transferred |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:49.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MedNet",
"vendor": "Hospira",
"versions": [
{
"lessThanOrEqual": "5.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios"
}
],
"datePublic": "2015-03-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nHospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network.\n\n\u003c/p\u003e"
}
],
"value": "Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:22:39.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-090-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-090-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\u003c/p\u003e\n\u003cp\u003eHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002.\u003c/p\u003e"
}
],
"value": "Hospira has developed a new version of the MedNet software, MedNet \n6.1. Hospira reports that MedNet 6.1 no longer uses hard-coded \npasswords, hard-coded cryptographic keys, and no longer stores passwords\n in clear text. Existing versions of MedNet can be upgraded to MedNet \n6.1.\n\n\nHospira has produced mitigation recommendations that help mitigate \nthe vulnerability in the vulnerable version of JBoss Enterprise \nApplication Platform software, used in the MedNet software. This has \nbeen addressed by Hospira through issuance of the following knowledge \nbased articles: Improving Security in Hospira MedNet 5.5 (August 2014) \nand Improving Security in Hospira MedNet 5.8 (August 2014). For \nadditional information about Hospira\u2019s new releases and mitigation \nrecommendations, contact Hospira\u2019s technical support at 1-800-241-4002."
}
],
"source": {
"advisory": "ICSA-15-090-03",
"discovery": "EXTERNAL"
},
"title": "Hospira MedNet Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.5.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-5403",
"datePublished": "2015-04-03T10:00:00.000Z",
"dateReserved": "2014-08-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T18:22:39.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-229H-QP2G-JHR9
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-30 18:30minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.
{
"affected": [],
"aliases": [
"CVE-2019-19750"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-12T18:15:00Z",
"severity": "CRITICAL"
},
"details": "minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.",
"id": "GHSA-229h-qp2g-jhr9",
"modified": "2024-04-30T18:30:33Z",
"published": "2022-05-24T17:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19750"
},
{
"type": "WEB",
"url": "https://github.com/minerstat/minerstat-os/commit/487ebd652dc9dc81120809effb2ddb3f66fc5f14"
},
{
"type": "WEB",
"url": "https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22H8-G6QJ-G2G4
Vulnerability from github – Published: 2026-06-26 21:32 – Updated: 2026-06-29 15:31Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.
{
"affected": [],
"aliases": [
"CVE-2026-39031"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-26T21:16:33Z",
"severity": "MODERATE"
},
"details": "Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.",
"id": "GHSA-22h8-g6qj-g2g4",
"modified": "2026-06-29T15:31:59Z",
"published": "2026-06-26T21:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39031"
},
{
"type": "WEB",
"url": "https://github.com/user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2"
},
{
"type": "WEB",
"url": "https://usermode.net/cve/lansweeper_lsrunase2_lsencrypt2_cve.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-244M-V8JG-HV24
Vulnerability from github – Published: 2025-08-05 09:30 – Updated: 2025-08-05 09:30A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
{
"affected": [],
"aliases": [
"CVE-2025-2810"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-05T08:15:25Z",
"severity": "MODERATE"
},
"details": "A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.",
"id": "GHSA-244m-v8jg-hv24",
"modified": "2025-08-05T09:30:34Z",
"published": "2025-08-05T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2810"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-028"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-244X-C938-J3QJ
Vulnerability from github – Published: 2025-07-21 18:32 – Updated: 2025-07-22 18:30Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
{
"affected": [],
"aliases": [
"CVE-2025-52373"
],
"database_specific": {
"cwe_ids": [
"CWE-321"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-21T16:15:29Z",
"severity": "MODERATE"
},
"details": "Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.",
"id": "GHSA-244x-c938-j3qj",
"modified": "2025-07-22T18:30:41Z",
"published": "2025-07-21T18:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52373"
},
{
"type": "WEB",
"url": "https://github.com/hmailserver/hmailserver"
},
{
"type": "WEB",
"url": "https://github.com/mojibake-dev/hMailEnum"
},
{
"type": "WEB",
"url": "https://github.com/mojibake-dev/mojibake-CVE/blob/main/hMailServer/CVE-2025-52373.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24WM-CQX7-GV2J
Vulnerability from github – Published: 2022-11-04 19:01 – Updated: 2022-11-08 19:00A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.
{
"affected": [],
"aliases": [
"CVE-2022-20868"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-04T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker to elevate privileges on an affected system. The attacker needs valid credentials to exploit this vulnerability. This vulnerability is due to the use of a hardcoded value to encrypt a token used for certain APIs calls . An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to impersonate another valid user and execute commands with the privileges of that user account.",
"id": "GHSA-24wm-cqx7-gv2j",
"modified": "2022-11-08T19:00:24Z",
"published": "2022-11-04T19:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20868"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-27QJ-3J3M-FJ5V
Vulnerability from github – Published: 2026-06-12 18:31 – Updated: 2026-06-12 18:31Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical).
{
"affected": [],
"aliases": [
"CVE-2026-50091"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-798"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-12T16:16:32Z",
"severity": "CRITICAL"
},
"details": "Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of \"CWE-321: Use of Hard-coded Cryptographic Key\" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical).",
"id": "GHSA-27qj-3j3m-fj5v",
"modified": "2026-06-12T18:31:59Z",
"published": "2026-06-12T18:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50091"
},
{
"type": "WEB",
"url": "https://github.com/xn0tsa/theres-no-place-like-home"
},
{
"type": "WEB",
"url": "https://www.runzero.com/advisories/aqara-hardcoded-sdk-keys-cve-2026-50091"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Prevention schemes mirror that of hard-coded password storage.
No CAPEC attack patterns related to this CWE.