CVE-2021-20597

Severity: Critical
Year: 2021
CVSS v3 Score: 9.1 (Critical)
CVSS v2 Score: 6.4 (Medium)

Vulnerability Description

An Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining credentials while user information is being registered in the target or a password is being changed.

CVSS:9.1(Critical)

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.

CVSS:9.1(Critical)

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSpher...

CVSS:9.1(Critical)

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

CVSS:9.1(Critical)

An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.

CVSS:9.1(Critical)

In JetBrains TeamCity before 2024.12.2, improper Kubernetes connection settings could expose sensitive resources.

CVSS:8.8(High)

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...