How severe is CVE-2019-10920?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-10920?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2019-10920 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a hardcoded encryption key. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Related Vulnerabilities

CVE-2017-6054

HIGH

CVSS:7.5(High)

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user informati...

CWE-3212017

CVE-2019-5137

HIGH

CVSS:7.5(High)

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.

CWE-3212019

CVE-2020-25229

HIGH

CVSS:7.5(High)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to th...

CWE-3212020

CVE-2020-6979

HIGH

CVSS:7.5(High)

In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered.

CWE-3212020

CVE-2020-6983

HIGH

CVSS:7.5(High)

In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that...

CWE-3212020

CVE-2022-1701

HIGH

CVSS:7.5(High)

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

CWE-3212022