CWE-321
Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
CVE-2020-1764 (GCVE-0-2020-1764)
Vulnerability from cvelistv5 – Published: 2020-03-26 11:16 – Updated: 2024-08-04 06:46
VLAI
Summary
A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.
Severity
8.6 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://kiali.io/news/security-bulletins/kiali-se… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kiali.io/news/security-bulletins/kiali-security-001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kiali",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "all Kiali versions prior to 1.15.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T11:16:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kiali.io/news/security-bulletins/kiali-security-001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-1764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kiali",
"version": {
"version_data": [
{
"version_value": "all Kiali versions prior to 1.15.1"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.6/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kiali.io/news/security-bulletins/kiali-security-001/",
"refsource": "MISC",
"url": "https://kiali.io/news/security-bulletins/kiali-security-001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-1764",
"datePublished": "2020-03-26T11:16:09.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T06:46:30.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2500 (GCVE-0-2020-2500)
Vulnerability from cvelistv5 – Published: 2020-07-01 15:53 – Updated: 2024-08-04 07:09
VLAI
Summary
This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
Severity
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-20-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Helpdesk |
Affected:
unspecified , < 3.0.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Helpdesk",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "3.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoni Ramon, security researcher"
}
],
"descriptions": [
{
"lang": "en",
"value": "This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-01T15:53:50.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"ID": "CVE-2020-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Helpdesk",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.0.1"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoni Ramon, security researcher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-03",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-03"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-2500",
"datePublished": "2020-07-01T15:53:50.000Z",
"dateReserved": "2019-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:09:54.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25173 (GCVE-0-2020-25173)
Vulnerability from cvelistv5 – Published: 2021-01-26 12:45 – Updated: 2024-09-16 20:47
VLAI
Title
Reolink P2P Cameras
Summary
An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access
Severity
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Reolink | RLC-4XX series |
Affected:
All versions
|
|
| Reolink | RLC-5XX series |
Affected:
All versions
|
|
| Reolink | RLN-X10 series |
Affected:
All versions
|
Date Public
2021-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RLC-4XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLC-5XX series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RLN-X10 series",
"vendor": "Reolink",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2021-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T12:45:53.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
],
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
},
"title": "Reolink P2P Cameras",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-01-20T05:00:00.000Z",
"ID": "CVE-2020-25173",
"STATE": "PUBLIC",
"TITLE": "Reolink P2P Cameras"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RLC-4XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLC-5XX series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RLN-X10 series",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Reolink"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-02"
}
]
},
"source": {
"advisory": "ICSA-21-019-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25173",
"datePublished": "2021-01-26T12:45:53.081Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:47:12.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25180 (GCVE-0-2020-25180)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 16:41
VLAI
Title
Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Summary
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
Severity
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://rockwellautomation.custhelp.com/app/answe… | x_refsource_CONFIRM |
| https://download.schneider-electric.com/files?p_D… | x_refsource_CONFIRM |
| https://www.xylem.com/siteassets/about-xylem/cybe… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ISaGRAF Runtime |
Affected:
4.x
Affected: 5.x |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:55:32.683113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:41:46.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ISaGRAF Runtime",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "4.x"
},
{
"status": "affected",
"version": "5.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"descriptions": [
{
"lang": "en",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25180",
"STATE": "PUBLIC",
"TITLE": "Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ISaGRAF Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.x"
},
{
"version_affected": "=",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "Rockwell Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaspersky reported these vulnerabilities to Rockwell Automation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-280-01"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131699"
},
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04",
"refsource": "CONFIRM",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04"
},
{
"name": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf",
"refsource": "CONFIRM",
"url": "https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-multismart-rockwell-isagraf.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Rockwell Automation recommends users update to ISaGRAF Runtime 5 Version 5.72.00. End users are encouraged to restrict or block access on TCP 1131 and TCP 1132 from outside the industrial control system. Confirm the least-privilege user principle is followed and user/service account access to Runtime\u0027s folder location is granted with a minimum amount of rights needed.\n\nRockwell Automation recommends users of affected versions evaluate the mitigations provided and apply the appropriate mitigations to deployed products. Users are encouraged to combine this guidance with the general security guidelines for a comprehensive defense-in-depth strategy.\n\nTo reduce risk, Rockwell Automation recommends users:\n Employ proper network segmentation and security controls.\n Minimize network exposure for all control system devices.\n Locate control systems behind firewalls.\n Isolate control systems from other networks when possible.\n Refer to the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide for best practices deploying network segmentation and broader defense-in-depth strategies.\n Consider using proper network infrastructure controls, such as firewalls, UTM devices, VPN, or other security appliances.\n Ensure the least-privilege user principle is followed, and user/service account access to Runtime\u2019s folder location is granted with a minimum amount of rights, as needed.\n\nPlease see publications from Rockwell Automation and Schneider Electric, Xylem, or contact GE for further information about how to mitigate these vulnerabilities in additional affected products."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25180",
"datePublished": "2022-03-18T18:00:33.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:41:46.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25193 (GCVE-0-2020-25193)
Vulnerability from cvelistv5 – Published: 2022-03-18 18:00 – Updated: 2025-04-16 16:41
VLAI
Title
GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key
Summary
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
Severity
5.3 (Medium)
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_CONFIRM |
| https://www.gegridsolutions.com/app/DownloadFile.… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GE | Reason RT43X Clocks |
Affected:
unspecified , < 08A06
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:10.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430\u0026type=21\u0026file=5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-25193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:59:19.792538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:41:25.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Reason RT43X Clocks",
"vendor": "GE",
"versions": [
{
"lessThan": "08A06",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tom Westenberg of Thales UK reported these vulnerabilities to GE."
}
],
"descriptions": [
{
"lang": "en",
"value": "By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 \u0026 RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:00:35.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430\u0026type=21\u0026file=5"
}
],
"solutions": [
{
"lang": "en",
"value": "GE strongly recommends users of Reason RT43X products update their units to firmware Version 08A06 or greater to resolve these issues. The firmware update addresses both vulnerabilities as described in the Reason RT43X 08A06 Release Notes.\n\nPlease see GE publication GES-2020-006 (login required) for more details on these issues."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key",
"workarounds": [
{
"lang": "en",
"value": "GE recommends users evaluate current risk and implement appropriate network security mitigation measures as follows. The following mitigation actions do not ensure complete security but should be considered until the affected time synchronization product is upgraded:\n Use strong network and physical security protection to prevent an attacker from reaching the local network where Reason RT43X clocks are normally installed. \n Block TCP/IP Ports 80 and 443 to block the HTTP/HTTPS access to web interface with Reason RT43X products, avoiding all the vulnerabilities. This TCP/IP port blocking should be limited to the Ethernet port interface where the Reason RT43X clock is connected (e.g., using Access Control List (ACL)). Otherwise, other HTTP/HTTPS applications may be affected.\n Minimize network exposure for all control system devices and/or systems and ensure they are not accessible from the Internet.\n Analyze security events to early detect unexpected traffic/communication."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25193",
"STATE": "PUBLIC",
"TITLE": "GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason RT43X Clocks",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "08A06"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tom Westenberg of Thales UK reported these vulnerabilities to GE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 \u0026 RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-005-03"
},
{
"name": "https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430\u0026type=21\u0026file=5",
"refsource": "CONFIRM",
"url": "https://www.gegridsolutions.com/app/DownloadFile.aspx?prod=RT430\u0026type=21\u0026file=5"
}
]
},
"solution": [
{
"lang": "en",
"value": "GE strongly recommends users of Reason RT43X products update their units to firmware Version 08A06 or greater to resolve these issues. The firmware update addresses both vulnerabilities as described in the Reason RT43X 08A06 Release Notes.\n\nPlease see GE publication GES-2020-006 (login required) for more details on these issues."
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "GE recommends users evaluate current risk and implement appropriate network security mitigation measures as follows. The following mitigation actions do not ensure complete security but should be considered until the affected time synchronization product is upgraded:\n Use strong network and physical security protection to prevent an attacker from reaching the local network where Reason RT43X clocks are normally installed. \n Block TCP/IP Ports 80 and 443 to block the HTTP/HTTPS access to web interface with Reason RT43X products, avoiding all the vulnerabilities. This TCP/IP port blocking should be limited to the Ethernet port interface where the Reason RT43X clock is connected (e.g., using Access Control List (ACL)). Otherwise, other HTTP/HTTPS applications may be affected.\n Minimize network exposure for all control system devices and/or systems and ensure they are not accessible from the Internet.\n Analyze security events to early detect unexpected traffic/communication."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-25193",
"datePublished": "2022-03-18T18:00:35.000Z",
"dateReserved": "2020-09-04T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:41:25.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25229 (GCVE-0-2020-25229)
Vulnerability from cvelistv5 – Published: 2020-12-14 21:05 – Updated: 2024-08-04 15:33
VLAI
Summary
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.
Severity
No CVSS data available.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | LOGO! 8 BM (incl. SIPLUS variants) |
Affected:
All versions < V8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LOGO! 8 BM (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:18.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOGO! 8 BM (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-25229",
"datePublished": "2020-12-14T21:05:18.000Z",
"dateReserved": "2020-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25231 (GCVE-0-2020-25231)
Vulnerability from cvelistv5 – Published: 2020-12-14 21:05 – Updated: 2024-08-04 15:33
VLAI
Summary
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.
Severity
No CVSS data available.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | LOGO! 8 BM (incl. SIPLUS variants) |
Affected:
All versions < V8.3
|
|
| Siemens | LOGO! Soft Comfort |
Affected:
All versions < V8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LOGO! 8 BM (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
},
{
"product": "LOGO! Soft Comfort",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3), LOGO! Soft Comfort (All versions \u003c V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:18.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOGO! 8 BM (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
},
{
"product_name": "LOGO! Soft Comfort",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3), LOGO! Soft Comfort (All versions \u003c V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-25231",
"datePublished": "2020-12-14T21:05:18.000Z",
"dateReserved": "2020-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25233 (GCVE-0-2020-25233)
Vulnerability from cvelistv5 – Published: 2020-12-14 21:05 – Updated: 2024-08-04 15:33
VLAI
Summary
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device.
Severity
No CVSS data available.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | LOGO! 8 BM (incl. SIPLUS variants) |
Affected:
All versions < V8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LOGO! 8 BM (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:19.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOGO! 8 BM (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryption of communication with the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-25233",
"datePublished": "2020-12-14T21:05:19.000Z",
"dateReserved": "2020-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25234 (GCVE-0-2020-25234)
Vulnerability from cvelistv5 – Published: 2020-12-14 21:05 – Updated: 2024-08-04 15:33
VLAI
Summary
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files.
Severity
No CVSS data available.
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | LOGO! 8 BM (incl. SIPLUS variants) |
Affected:
All versions < V8.3
|
|
| Siemens | LOGO! Soft Comfort |
Affected:
All versions < V8.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LOGO! 8 BM (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
},
{
"product": "LOGO! Soft Comfort",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3), LOGO! Soft Comfort (All versions \u003c V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:19.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LOGO! 8 BM (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
},
{
"product_name": "LOGO! Soft Comfort",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions \u003c V8.3), LOGO! Soft Comfort (All versions \u003c V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321: Use of Hard-coded Cryptographic Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-25234",
"datePublished": "2020-12-14T21:05:19.000Z",
"dateReserved": "2020-09-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:33:05.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25688 (GCVE-0-2020-25688)
Vulnerability from cvelistv5 – Published: 2020-11-23 21:07 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1892551 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rhacm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All rhacm versions before 2.0.5 and before 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-23T21:07:06.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rhacm",
"version": {
"version_data": [
{
"version_value": "All rhacm versions before 2.0.5 and before 2.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1892551",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25688",
"datePublished": "2020-11-23T21:07:06.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Prevention schemes mirror that of hard-coded password storage.
No CAPEC attack patterns related to this CWE.