CVE-2023-40464

MEDIUM Year: 2023
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-321
View all →

Vulnerability Description

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server.

Related Vulnerabilities

CVE-2021-43587

MEDIUM
CVSS:6.7(Medium)

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to ga...

CWE-3212021

CVE-2019-10990

MEDIUM
CVSS:6.5(Medium)

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to ...

CWE-3212019

CVE-2019-13929

MEDIUM
CVSS:6.5(Medium)

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a passw...

CWE-3212019

CVE-2019-17098

MEDIUM
CVSS:6.5(Medium)

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication ...

CWE-3212019

CVE-2020-25180

MEDIUM
CVSS:6.5(Medium)

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime ...

CWE-3212020

CVE-2021-23842

HIGH
CVSS:7.1(High)

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic betw...

CWE-3212021