CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2025-34270 (GCVE-0-2025-34270)
Vulnerability from cvelistv5 – Published: 2025-10-30 21:22 – Updated: 2025-11-17 21:36
VLAI
Title
Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password Not Obfuscated
Summary
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.nagios.com/products/security/#log-ser… | vendor-advisorypatch |
| https://www.nagios.com/changelog/#log-server | release-notespatch |
| https://support.nagios.com/kb/article/authenticat… | product |
| https://www.vulncheck.com/advisories/nagios-log-s… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nagios | Log Server |
Affected:
0 , < 2024R2.0.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T15:15:14.131909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:15:43.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"AD/LDAP user import workflow"
],
"product": "Log Server",
"vendor": "Nagios",
"versions": [
{
"lessThan": "2024R2.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nagios:log_server:2024:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results."
}
],
"value": "Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T21:36:24.190Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.nagios.com/products/security/#log-server-2024R2"
},
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.nagios.com/changelog/#log-server"
},
{
"tags": [
"product"
],
"url": "https://support.nagios.com/kb/article/authenticating-and-importing-users-with-ad-and-ldap-995.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/nagios-log-server-ad-ldap-import-password-not-obfuscated"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNagios addresses this vulnerability as \"There was an issue in Nagios Log Server where the password field was not properly obfuscated when importing AD/LDAP users\" and \"Fixed issue where the password field was not properly obfuscated when importing AD/LDAP users.\"\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Nagios addresses this vulnerability as \"There was an issue in Nagios Log Server where the password field was not properly obfuscated when importing AD/LDAP users\" and \"Fixed issue where the password field was not properly obfuscated when importing AD/LDAP users.\""
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nagios Log Server \u003c 2024R2.0.2 AD/LDAP Import Password Not Obfuscated",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34270",
"datePublished": "2025-10-30T21:22:28.949Z",
"dateReserved": "2025-04-15T19:15:22.579Z",
"dateUpdated": "2025-11-17T21:36:24.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3442 (GCVE-0-2025-3442)
Vulnerability from cvelistv5 – Published: 2025-04-09 07:02 – Updated: 2025-04-11 05:33
VLAI
Title
Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
Summary
This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link | Tapo H200 V1 IoT Smart Hub |
Affected:
<=1.4.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3442",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:37:51.591920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T18:38:04.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tapo H200 V1 IoT Smart Hub",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "\u003c=1.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Shravan Singh, Ganesh Bakare, and Abhinav Giridhar from Mumbai, India."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in TP-Link Tapo\u0026nbsp;H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.\u003cbr\u003e"
}
],
"value": "This vulnerability exists in TP-Link Tapo\u00a0H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T05:33:25.874Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2025-0072"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade TP-Link Tapo H200 V1 IoT Smart Hub to firmware version 1.5.0 or higher\u003cbr\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340.bin\"\u003ehttp://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340...\u003c/a\u003e \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Upgrade TP-Link Tapo H200 V1 IoT Smart Hub to firmware version 1.5.0 or higher\n http://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340... http://download.tplinkcloud.com/firmware/H200-up-ver1-5-0-P1[20250221-rel59821]-signed_1740997558340.bin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2025-3442",
"datePublished": "2025-04-09T07:02:54.195Z",
"dateReserved": "2025-04-08T04:36:57.952Z",
"dateUpdated": "2025-04-11T05:33:25.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-34427 (GCVE-0-2025-34427)
Vulnerability from cvelistv5 – Published: 2025-12-10 18:24 – Updated: 2026-05-14 02:08
VLAI
Title
MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB
Summary
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://mailenable.com/Standard-ReleaseNotes.txt | release-notespatch |
| https://www.mailenable.com/ | product |
| https://www.vulncheck.com/advisories/mailenable-c… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MailEnable | MailEnable |
Affected:
0 , < 10.54
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T18:55:36.415011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T18:55:49.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MailEnable",
"vendor": "MailEnable",
"versions": [
{
"lessThan": "10.54",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control."
}
],
"value": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:08:38.576Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://mailenable.com/Standard-ReleaseNotes.txt"
},
{
"tags": [
"product"
],
"url": "https://www.mailenable.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in-auth-tab"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MailEnable \u003c 10.54 Cleartext Credential Storage in AUTH.TAB",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34427",
"datePublished": "2025-12-10T18:24:13.947Z",
"dateReserved": "2025-04-15T19:15:22.600Z",
"dateUpdated": "2026-05-14T02:08:38.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34428 (GCVE-0-2025-34428)
Vulnerability from cvelistv5 – Published: 2025-12-10 18:23 – Updated: 2026-05-14 02:08
VLAI
Title
MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV
Summary
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://mailenable.com/Standard-ReleaseNotes.txt | release-notespatch |
| https://www.mailenable.com/ | product |
| https://www.vulncheck.com/advisories/mailenable-c… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MailEnable | MailEnable |
Affected:
0 , < 10.54
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T18:55:04.032517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T18:55:14.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MailEnable",
"vendor": "MailEnable",
"versions": [
{
"lessThan": "10.54",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.54",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control."
}
],
"value": "MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:08:39.473Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://mailenable.com/Standard-ReleaseNotes.txt"
},
{
"tags": [
"product"
],
"url": "https://www.mailenable.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in-auth-sav"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MailEnable \u003c 10.54 Cleartext Credential Storage in AUTH.SAV",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34428",
"datePublished": "2025-12-10T18:23:56.116Z",
"dateReserved": "2025-04-15T19:15:22.601Z",
"dateUpdated": "2026-05-14T02:08:39.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3784 (GCVE-0-2025-3784)
Vulnerability from cvelistv5 – Published: 2025-11-27 04:28 – Updated: 2025-12-08 05:14
VLAI
Title
Information Disclosure Vulnerability in GX Works2
Summary
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
Severity
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/psirt/vulnerab… | vendor-advisory |
| https://jvn.jp/vu/JVNVU95288056/ | government-resource |
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GX Works2 |
Affected:
All versions
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T14:39:33.477482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:33:31.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Works2",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jiho Shin (M.S. graduate, Sungkyunkwan University)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information."
}
],
"value": "Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Information disclosure"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T05:14:34.487Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU95288056/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure Vulnerability in GX Works2",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2025-3784",
"datePublished": "2025-11-27T04:28:17.249Z",
"dateReserved": "2025-04-18T02:21:50.076Z",
"dateUpdated": "2025-12-08T05:14:34.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4053 (GCVE-0-2025-4053)
Vulnerability from cvelistv5 – Published: 2025-05-26 10:03 – Updated: 2025-05-27 14:23
VLAI
Title
Unauthorized creation of master key in Mifare Classic Be-Tech cards
Summary
The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building.
This issue affects all Be-Tech Mifare Classic card systems. To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2025/05/CVE-2025-4053/ | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Be-Tech | Mifare Classic cards |
Affected:
0 , ≤ *
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:23:45.443332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:23:50.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mifare Classic cards",
"vendor": "Be-Tech",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "S\u0142awomir Jasek, smartlockpicking.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The data\u0026nbsp;stored in\u0026nbsp;Be-Tech Mifare Classic card\u0026nbsp;is stored in cleartext.\u0026nbsp;An attacker having access to a Be-Tech hotel guest\u0026nbsp;Mifare Classic card can create a master key card that unlocks all the locks in the building. \u003cbr\u003e\u003cbr\u003eThis issue affects all\u0026nbsp;Be-Tech Mifare Classic card systems.\u0026nbsp;To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks.\u003cbr\u003e"
}
],
"value": "The data\u00a0stored in\u00a0Be-Tech Mifare Classic card\u00a0is stored in cleartext.\u00a0An attacker having access to a Be-Tech hotel guest\u00a0Mifare Classic card can create a master key card that unlocks all the locks in the building. \n\nThis issue affects all\u00a0Be-Tech Mifare Classic card systems.\u00a0To fix the vulnerability, it is necessary to replace the software, encoder, cards, and PCBs in the locks."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-26T10:11:19.784Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/05/CVE-2025-4053/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized creation of master key in Mifare Classic Be-Tech cards",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-4053",
"datePublished": "2025-05-26T10:03:35.047Z",
"dateReserved": "2025-04-28T21:08:42.323Z",
"dateUpdated": "2025-05-27T14:23:50.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40752 (GCVE-0-2025-40752)
Vulnerability from cvelistv5 – Published: 2025-08-12 11:17 – Updated: 2025-08-13 20:18
VLAI
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
Severity
6.2 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q200 family |
Affected:
V2.70 , < V2.80
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T13:30:23.184849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:18:28.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q200 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.80",
"status": "affected",
"version": "V2.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q200 family (All versions \u003e= V2.70 \u003c V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:07.776Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40752",
"datePublished": "2025-08-12T11:17:07.776Z",
"dateReserved": "2025-04-16T08:39:30.031Z",
"dateUpdated": "2025-08-13T20:18:28.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40753 (GCVE-0-2025-40753)
Vulnerability from cvelistv5 – Published: 2025-08-12 11:17 – Updated: 2025-08-13 20:18
VLAI
Summary
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes.
Severity
6.2 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q100 |
Affected:
V2.60 , < V2.62
(custom)
|
|
| Siemens | POWER METER SICAM Q200 family |
Affected:
V2.70 , < V2.80
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T13:30:20.774490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:18:21.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.62",
"status": "affected",
"version": "V2.60",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "POWER METER SICAM Q200 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.80",
"status": "affected",
"version": "V2.70",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions \u003e= V2.60 \u003c V2.62), POWER METER SICAM Q200 family (All versions \u003e= V2.70 \u003c V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:17:09.077Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-529291.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40753",
"datePublished": "2025-08-12T11:17:09.077Z",
"dateReserved": "2025-04-16T08:39:30.031Z",
"dateUpdated": "2025-08-13T20:18:21.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41458 (GCVE-0-2025-41458)
Vulnerability from cvelistv5 – Published: 2025-07-21 11:01 – Updated: 2025-07-21 12:28
VLAI
Title
Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS
Summary
Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem.
Severity
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cirosec.de/sa/sa-2025-005 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Two App Studio | Journey |
Affected:
0 , ≤ 5.5.9
(semver)
|
Date Public
2020-07-10 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T12:28:16.325042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T12:28:22.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"iOS"
],
"product": "Journey",
"vendor": "Two App Studio",
"versions": [
{
"lessThanOrEqual": "5.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability assumes a jailbroken device.\n\n\u003cbr\u003e"
}
],
"value": "This vulnerability assumes a jailbroken device."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hannes Allmann (cirosec GmbH) \u003channes.allmann@cirosec.de\u003e"
}
],
"datePublic": "2020-07-10T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app\u2019s filesystem.\u0026nbsp;"
}
],
"value": "Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app\u2019s filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T11:01:13.982Z",
"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"shortName": "cirosec"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cirosec.de/sa/sa-2025-005"
}
],
"source": {
"advisory": "SA-2025-005",
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-12T15:07:00.000Z",
"value": "Vendor was contacted and informed about the vulnerability via email."
},
{
"lang": "en",
"time": "2025-03-25T08:05:00.000Z",
"value": "Second attempt was made to contact vendor via email."
},
{
"lang": "en",
"time": "2025-06-25T10:46:00.000Z",
"value": "Third attempt was made to contact vendor via email."
}
],
"title": "Insecure data storage vulnerability in Two App Studio Journey v5.5.9 for iOS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674",
"assignerShortName": "cirosec",
"cveId": "CVE-2025-41458",
"datePublished": "2025-07-21T11:01:13.982Z",
"dateReserved": "2025-04-16T10:48:40.810Z",
"dateUpdated": "2025-07-21T12:28:22.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41647 (GCVE-0-2025-41647)
Vulnerability from cvelistv5 – Published: 2025-06-25 09:40 – Updated: 2025-06-25 12:41
VLAI
Title
Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface
Summary
A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
Severity
5.5 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Lenze | PLC Designer V4 |
Affected:
0.0.0 , ≤ 4.0.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T12:21:31.948286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:41:00.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PLC Designer V4",
"vendor": "Lenze",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.\u003cbr\u003e"
}
],
"value": "A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T09:40:37.325Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-043/"
}
],
"source": {
"advisory": "VDE-2025-043",
"defect": [
"CERT@VDE#641784"
],
"discovery": "UNKNOWN"
},
"title": "Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41647",
"datePublished": "2025-06-25T09:40:37.325Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-06-25T12:41:00.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.