CVE-2019-10921

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-256
View all →

Vulnerability Description

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp to obtain passwords of the device. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 10005/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known

Related Vulnerabilities

CVE-2017-6049

HIGH
CVSS:7.5(High)

Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.

CWE-2562017

CVE-2019-6518

HIGH
CVSS:7.5(High)

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device.

CWE-2562019

CVE-2020-10609

HIGH
CVSS:7.5(High)

Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.

CWE-2562020

CVE-2020-5374

HIGH
CVSS:7.5(High)

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker...

CWE-2562020

CVE-2020-8183

HIGH
CVSS:7.5(High)

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

CWE-2562020

CVE-2021-32978

HIGH
CVSS:7.5(High)

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to...

CWE-2562021