CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2019-18248 (GCVE-0-2019-18248)
Vulnerability from cvelistv5 – Published: 2020-06-29 13:58 – Updated: 2024-08-05 01:47
VLAI
Summary
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.
Severity
No CVSS data available.
CWE
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-170-05 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM |
Affected:
CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product\u2019s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-29T13:58:22.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM",
"version": {
"version_data": [
{
"version_value": "CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product\u2019s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18248",
"datePublished": "2020-06-29T13:58:22.000Z",
"dateReserved": "2019-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18285 (GCVE-0-2019-18285)
Vulnerability from cvelistv5 – Published: 2019-12-12 19:08 – Updated: 2024-08-05 01:47
VLAI
Summary
A vulnerability has been identified in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Severity
No CVSS data available.
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| http://packetstormsecurity.com/files/155665/Sieme… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SPPA-T3000 Application Server |
Affected:
All versions < Service Pack R8.2 SP2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SPPA-T3000 Application Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c Service Pack R8.2 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions \u003c Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T17:51:12.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-18285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SPPA-T3000 Application Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c Service Pack R8.2 SP2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SPPA-T3000 Application Server (All versions \u003c Service Pack R8.2 SP2). The RMI communication between the client and the Application Server is unencrypted. An attacker with access to the communication channel can read credentials of a valid user. Please note that an attacker needs to have access to the Application Highway in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf"
},
{
"name": "http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155665/Siemens-Security-Advisory-SPPA-T3000-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-18285",
"datePublished": "2019-12-12T19:08:47.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25278 (GCVE-0-2019-25278)
Vulnerability from cvelistv5 – Published: 2026-01-07 23:09 – Updated: 2026-02-18 20:37
VLAI
Title
FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
Summary
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
Severity
5.9 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL… | third-party-advisory |
| https://packetstormsecurity.com/files/153498 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| iWT Ltd. | FaceSentry Access Control System |
Affected:
6.4.8 build 264
Affected: 5.7.2 build 568 Affected: 5.7.0 build 539 |
Date Public
2019-06-30 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25278",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:37:08.559359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:37:19.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FaceSentry Access Control System",
"vendor": "iWT Ltd.",
"versions": [
{
"status": "affected",
"version": "6.4.8 build 264"
},
{
"status": "affected",
"version": "5.7.2 build 568"
},
{
"status": "affected",
"version": "5.7.0 build 539"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
}
],
"datePublic": "2019-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:59:58.609Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Zero Science Lab Vulnerability Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php"
},
{
"name": "Packet Storm Security Exploit Entry",
"tags": [
"exploit"
],
"url": "https://packetstormsecurity.com/files/153498"
},
{
"name": "IBM X-Force Vulnerability Exchange Entry",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163192"
}
],
"title": "FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25278",
"datePublished": "2026-01-07T23:09:59.751Z",
"dateReserved": "2026-01-06T16:07:08.526Z",
"dateUpdated": "2026-02-18T20:37:19.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-5635 (GCVE-0-2019-5635)
Vulnerability from cvelistv5 – Published: 2019-08-22 13:51 – Updated: 2024-09-16 20:07
VLAI
Title
Hickory Smart Lock Cleartext Password
Summary
A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information.
Severity
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://blog.rapid7.com/2019/08/01/r7-2019-18-mul… | x_refsource_MISC |
| https://hickoryhardware.com/products/hickory-smar… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Belwith Products, LLC | Hickory Smart Ethernet Bridge |
Affected:
unspecified , ≤ H077646
(custom)
|
Date Public
2019-08-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hickory Smart Ethernet Bridge",
"vendor": "Belwith Products, LLC",
"versions": [
{
"lessThanOrEqual": "H077646",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-22T13:51:37.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
],
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
},
"title": "Hickory Smart Lock Cleartext Password",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-08-01T13:05:00.000Z",
"ID": "CVE-2019-5635",
"STATE": "PUBLIC",
"TITLE": "Hickory Smart Lock Cleartext Password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hickory Smart Ethernet Bridge",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "H077646"
}
]
}
}
]
},
"vendor_name": "Belwith Products, LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported by Deral Heiland of Rapid7. It has been disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cleartext transmission of sensitive information vulnerability is present in Hickory Smart Ethernet Bridge from Belwith Products, LLC. Captured data reveals that the Hickory Smart Ethernet Bridge device communicates over the network to an MQTT broker without using encryption. This exposed the default username and password used to authenticate to the MQTT broker. This issue affects Hickory Smart Ethernet Bridge, model number H077646. The firmware does not appear to contain versioning information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2019/08/01/r7-2019-18-multiple-hickory-smart-lock-vulnerabilities/"
},
{
"name": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086",
"refsource": "MISC",
"url": "https://hickoryhardware.com/products/hickory-smart-ethernet-bridge?variant=20882150228086"
}
]
},
"source": {
"advisory": "R7-2019-18.6",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5635",
"datePublished": "2019-08-22T13:51:37.081Z",
"dateReserved": "2019-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:32.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6540 (GCVE-0-2019-6540)
Vulnerability from cvelistv5 – Published: 2019-03-26 17:47 – Updated: 2025-05-22 19:23
VLAI
Title
Medtronic Conexus Radio Frequency Telemetry Protocol Cleartext Transmission of Sensitive Information
Summary
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.
Severity
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/107544 | vdb-entryx_refsource_BID |
Impacted products
24 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | Conexus Radio Frequency Telemetry Protocol |
Affected:
All versions
|
|
| Medtronic | MyCareLink Monitor |
Affected:
24950
Affected: 24952 |
|
| Medtronic | CareLink Monitor |
Affected:
2490C
|
|
| Medtronic | CareLink 2090 Programmer |
Affected:
All versions
|
|
| Medtronic | Amplia CRT-D |
Affected:
All versions
|
|
| Medtronic | Claria CRT-D |
Affected:
All versions
|
|
| Medtronic | Compia CRT-D |
Affected:
All versions
|
|
| Medtronic | Concerto CRT-D |
Affected:
All versions
|
|
| Medtronic | Concerto II CRT-D |
Affected:
All versions
|
|
| Medtronic | Consulta CRT-D |
Affected:
All versions
|
|
| Medtronic | Evera ICD |
Affected:
All versions
|
|
| Medtronic | Maximo II CRT-D |
Affected:
All versions
|
|
| Medtronic | Maximo II ICD |
Affected:
All versions
|
|
| Medtronic | Mirro ICD |
Affected:
All versions
|
|
| Medtronic | Nayamed ND ICD |
Affected:
All versions
|
|
| Medtronic | Primo ICD |
Affected:
All versions
|
|
| Medtronic | Protecta ICD, Protecta CRT-D |
Affected:
All versions
|
|
| Medtronic | Secura ICD |
Affected:
All versions
|
|
| Medtronic | Virtuoso ICD |
Affected:
All versions
|
|
| Medtronic | Virtuoso II ICD |
Affected:
All versions
|
|
| Medtronic | Visia AF ICD |
Affected:
All versions
|
|
| Medtronic | Viva CRT-D |
Affected:
All versions
|
|
| Medtronic | Brava CRT-D |
Affected:
All versions
|
|
| Medtronic | Mirro MRI ICD |
Affected:
All versions
|
Date Public
2019-03-21 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01"
},
{
"name": "107544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107544"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Conexus Radio Frequency Telemetry Protocol",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "24950"
},
{
"status": "affected",
"version": "24952"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "2490C"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CareLink 2090 Programmer",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Amplia CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Claria CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compia CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Concerto CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Concerto II CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Consulta CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Evera ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Maximo II CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Maximo II ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mirro ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Nayamed ND ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Primo ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Protecta ICD, Protecta CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Secura ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtuoso ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Virtuoso II ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Visia AF ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Viva CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Brava CRT-D",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Mirro MRI ICD",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to CISA."
}
],
"datePublic": "2019-03-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.\u003c/p\u003e"
}
],
"value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:23:42.770Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01"
},
{
"name": "107544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107544"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has developed mitigating patches for a subset of the \naffected implanted cardiac device models. These patches are installed \nduring regular office visits. Medtronic has stated that patches for \nadditional impacted models are being developed by Medtronic and will be \ndeployed through future updates. Patches are currently available for the\n following affected models:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eProtecta CRT-D and implantable cardioverter defibrillators (ICDs), all models\u003c/li\u003e\u003c/ul\u003e\u003cul\u003e\u003cli\u003eAmplia MRI CRT-D, all models (patch available in U.S. only)\u003c/li\u003e\u003cli\u003eClaria MRI CRT-D, all models (patch available in U.S. only)\u003c/li\u003e\u003cli\u003eCompia MRI CRT-D, all models (patch available in U.S. only)\u003c/li\u003e\u003cli\u003eVisia AF MRI ICD, all models\u003c/li\u003e\u003cli\u003eVisia AF ICD, all models \u003c/li\u003e\u003cli\u003eBrava CRT-D, all models \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003c/li\u003e\u003cli\u003eEvera MRI ICD, all models\u003c/li\u003e\u003cli\u003eEvera ICD, all models\u003c/li\u003e\u003cli\u003eMirro MRI ICD, all models\u003c/li\u003e\u003cli\u003ePrimo MRI ICD, all models\u003c/li\u003e\u003cli\u003eViva CRT-D, all models\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has developed mitigating patches for a subset of the \naffected implanted cardiac device models. These patches are installed \nduring regular office visits. Medtronic has stated that patches for \nadditional impacted models are being developed by Medtronic and will be \ndeployed through future updates. Patches are currently available for the\n following affected models:\n\n\n * Protecta CRT-D and implantable cardioverter defibrillators (ICDs), all models\n\n\n * Amplia MRI CRT-D, all models (patch available in U.S. only)\n * Claria MRI CRT-D, all models (patch available in U.S. only)\n * Compia MRI CRT-D, all models (patch available in U.S. only)\n * Visia AF MRI ICD, all models\n * Visia AF ICD, all models \n * Brava CRT-D, all models \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n * Evera MRI ICD, all models\n * Evera ICD, all models\n * Mirro MRI ICD, all models\n * Primo MRI ICD, all models\n * Viva CRT-D, all models"
}
],
"source": {
"advisory": "ICSMA-19-080-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic Conexus Radio Frequency Telemetry Protocol Cleartext Transmission of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has applied additional controls for monitoring and responding to improper use of the Conexus telemetry protocol by the affected implanted cardiac devices. Additional mitigations are being developed and will be deployed through future updates, assuming regulatory approval.\u003c/p\u003e\u003cp\u003eMedtronic recommends that users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over home monitors and programmers.\u003c/li\u003e\u003cli\u003eUse only home monitors, programmers, and implantable devices obtained directly from your healthcare provider or a Medtronic representative to ensure integrity of the system.\u003c/li\u003e\u003cli\u003eDo not connect unapproved devices to home monitors and programmers through USB ports or other physical connections.\u003c/li\u003e\u003cli\u003eOnly use programmers to connect and interact with implanted devices in physically controlled hospital and clinical environments.\u003c/li\u003e\u003cli\u003eOnly use home monitors in private environments such as a home, apartment, or otherwise physically controlled environment.\u003c/li\u003e\u003cli\u003eReport any concerning behavior regarding these products to your healthcare provider or a Medtronic representative.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003epatient focused information\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has applied additional controls for monitoring and responding to improper use of the Conexus telemetry protocol by the affected implanted cardiac devices. Additional mitigations are being developed and will be deployed through future updates, assuming regulatory approval.\n\nMedtronic recommends that users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Maintain good physical control over home monitors and programmers.\n * Use only home monitors, programmers, and implantable devices obtained directly from your healthcare provider or a Medtronic representative to ensure integrity of the system.\n * Do not connect unapproved devices to home monitors and programmers through USB ports or other physical connections.\n * Only use programmers to connect and interact with implanted devices in physically controlled hospital and clinical environments.\n * Only use home monitors in private environments such as a home, apartment, or otherwise physically controlled environment.\n * Report any concerning behavior regarding these products to your healthcare provider or a Medtronic representative.\n\n\nMedtronic has released additional patient focused information https://www.medtronic.com/security ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-6540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Conexus Radio Frequency Telemetry Protocol",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "MyCareLink Monitor",
"version": {
"version_data": [
{
"version_value": "24950"
},
{
"version_value": "24952"
}
]
}
},
{
"product_name": "CareLink Monitor",
"version": {
"version_data": [
{
"version_value": "2490C"
}
]
}
},
{
"product_name": "CareLink 2090 Programmer",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Amplia CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Claria CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Compia CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Concerto CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Concerto II CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Consulta CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Evera ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Maximo II CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Maximo II ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Mirro ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Nayamed ND ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Primo ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Protecta ICD, Protecta CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Secura ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Virtuoso ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Virtuoso II ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Visia AF ICD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
},
{
"product_name": "Viva CRT-D",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Medtronic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext transmission of sensitive information CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01"
},
{
"name": "107544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107544"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-6540",
"datePublished": "2019-03-26T17:47:23.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2025-05-22T19:23:42.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6845 (GCVE-0-2019-6845)
Vulnerability from cvelistv5 – Published: 2019-10-29 14:49 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
Severity
No CVSS data available.
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions) |
Affected:
Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T14:49:49.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6845",
"datePublished": "2019-10-29T14:49:49.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6846 (GCVE-0-2019-6846)
Vulnerability from cvelistv5 – Published: 2019-10-29 14:51 – Updated: 2024-08-04 20:31
VLAI
Summary
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol.
Severity
No CVSS data available.
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.schneider-electric.com/ww/en/download… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions) |
Affected:
Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T14:51:31.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause information disclosure when using the FTP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6846",
"datePublished": "2019-10-29T14:51:31.000Z",
"dateReserved": "2019-01-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:31:04.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9532 (GCVE-0-2019-9532)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 19:30
VLAI
Title
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext
Summary
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
Severity
No CVSS data available.
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisoryx_refsource_CERT-VN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 |
Affected:
1.07
|
Date Public
2019-10-09 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9532",
"STATE": "PUBLIC",
"TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9532",
"datePublished": "2019-10-10T20:09:47.739Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:16.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10281 (GCVE-0-2020-10281)
Vulnerability from cvelistv5 – Published: 2020-07-03 14:30 – Updated: 2024-09-16 20:37
VLAI
Title
RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0
Summary
This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.
Severity
7.5 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://docs.google.com/document/d/1XtbD0ORNkhZ8e… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | MAVLink |
Affected:
v2.0 and before
|
Date Public
2020-07-03 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MAVLink",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "v2.0 and before"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "None"
}
],
"datePublic": "2020-07-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-03T14:30:11.000Z",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit"
}
],
"source": {
"defect": [
"RVD#3315"
],
"discovery": "EXTERNAL"
},
"title": "RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0",
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-07-03T14:27:04 +00:00",
"ID": "CVE-2020-10281",
"STATE": "PUBLIC",
"TITLE": "RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MAVLink",
"version": {
"version_data": [
{
"version_value": "v2.0 and before"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "None"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used accross different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "high",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit",
"refsource": "CONFIRM",
"url": "https://docs.google.com/document/d/1XtbD0ORNkhZ8eKrsbSIZNLyg9sFRXMXbsR2mp37KbIg/edit"
}
]
},
"source": {
"defect": [
"RVD#3315"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10281",
"datePublished": "2020-07-03T14:30:11.491Z",
"dateReserved": "2020-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:09.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10624 (GCVE-0-2020-10624)
Vulnerability from cvelistv5 – Published: 2020-06-26 16:22 – Updated: 2024-08-04 11:06
VLAI
Summary
ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network.
Severity
No CVSS data available.
CWE
- CWE-319 - CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-20-175-02 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ControlEdge PLC |
Affected:
R130.2
Affected: R140 Affected: R150 Affected: R151 |
|
| n/a | ControlEdge RTU |
Affected:
R101
Affected: R110 Affected: R140 Affected: R150 Affected: R151 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ControlEdge PLC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R130.2"
},
{
"status": "affected",
"version": "R140"
},
{
"status": "affected",
"version": "R150"
},
{
"status": "affected",
"version": "R151"
}
]
},
{
"product": "ControlEdge RTU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "R101"
},
{
"status": "affected",
"version": "R110"
},
{
"status": "affected",
"version": "R140"
},
{
"status": "affected",
"version": "R150"
},
{
"status": "affected",
"version": "R151"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-26T16:22:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-10624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ControlEdge PLC",
"version": {
"version_data": [
{
"version_value": "R130.2"
},
{
"version_value": "R140"
},
{
"version_value": "R150"
},
{
"version_value": "R151"
}
]
}
},
{
"product_name": "ControlEdge RTU",
"version": {
"version_data": [
{
"version_value": "R101"
},
{
"version_value": "R110"
},
{
"version_value": "R140"
},
{
"version_value": "R150"
},
{
"version_value": "R151"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-175-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10624",
"datePublished": "2020-06-26T16:22:46.000Z",
"dateReserved": "2020-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:06:10.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
Phase: Implementation
Description:
- When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
Phase: Implementation
Description:
- When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Phase: Operation
Description:
- Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.