CVE-2024-46889

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-321
View all →

Vulnerability Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.

Related Vulnerabilities

CVE-2020-25193

MEDIUM
CVSS:5.3(Medium)

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encryp...

CWE-3212020

CVE-2023-6482

MEDIUM
CVSS:5.2(Medium)

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerp...

CWE-3212023

CVE-2024-45837

MEDIUM
CVSS:5.4(Medium)

Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or...

CWE-3212024

CVE-2020-25231

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses ...

CWE-3212020

CVE-2020-25233

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The firmware update of affected devices contains the private RSA key that is used as a basis for encryp...

CWE-3212020

CVE-2021-27481

MEDIUM
CVSS:5.5(Medium)

ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive...

CWE-3212021