CVE-2023-42493
7.1HIGH
EisBaer Scada - CWE-256: Plaintext Storage of a Password
EisBaer Scada - CWE-256: Plaintext Storage of a Password
10/25/2023CWE-256
Tipo de Debilidad
CWE-256
Todas las vulnerabilidades CVE clasificadas bajo este tipo de debilidad.
Ver en MITRE CWETotal CVEs
26
Críticos
1
En KEV
0
Con Exploits
0
CVE-2024-3082
4.2MEDIUM
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security
A “CWE-256: Plaintext Storage of a Password” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext unless specific security ...
7/31/2024CWE-256, CWE-522
CVE-2022-4308
6.1MEDIUM
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.
4/19/2023CWE-256, CWE-522 +1
CVE-2023-26204
3.7LOW
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4...
6/13/2023CWE-256, CWE-522
CVE-2024-26165
8.8HIGH
Visual Studio Code Elevation of Privilege Vulnerability
Visual Studio Code Elevation of Privilege Vulnerability
3/12/2024CWE-256
CVE-2022-0555
8.4HIGH
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions
6/3/2024CWE-256
CVE-2025-56527
7.5HIGH
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.
Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage.
11/18/2025CWE-256
CVE-2025-1709
6.5MEDIUM
Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).
Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).
7/3/2025CWE-256
CVE-2024-4232
4.1MEDIUM
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ d
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/ d...
5/14/2024CWE-256, CWE-256
CVE-2024-42197
5.5MEDIUM
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.
12/11/2025CWE-256
CVE-2025-45702
6.5MEDIUM
SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.
SoftPerfect Pty Ltd Connection Quality Monitor v1.1 was discovered to store all credentials in plaintext.
7/24/2025CWE-256
CVE-2025-52164
8.2HIGH
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.
7/18/2025CWE-256
CVE-2024-25138
6.5MEDIUM
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.
In AutomationDirect C-MORE EA9 HMI, credentials used by the platform are stored as plain text on the device.
3/26/2024CWE-256
CVE-2023-41610
8.8HIGH
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
9/18/2024CWE-256, CWE-798
CVE-2024-28325
6.1MEDIUM
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings.
4/26/2024CWE-256, CWE-522
CVE-2022-27548
4.9MEDIUM
HCL Launch stores user credentials in plain clear text which can be read by a local user.
HCL Launch stores user credentials in plain clear text which can be read by a local user.
7/6/2022CWE-256, CWE-522
CVE-2017-6049
7.5HIGH
Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.
Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL.
4/2/2019CWE-256, CWE-287
CVE-2025-25727
6.2MEDIUM
Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext.
Bosscomm IF740 Firmware versions:11001.7078 & v11001.0000 and System versions: 6.25 & 6.00 were discovered to store passwords in cleartext.
2/28/2025CWE-256
CVE-2024-36460
8.1HIGH
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
8/12/2024CWE-256, CWE-522
CVE-2025-48046
NONE
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
5/29/2025CWE-256
CVE-2024-28736
7.1HIGH
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
5/31/2024CWE-256
CVE-2024-33375
9.8CRITICAL
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware.
6/14/2024CWE-256
CVE-2023-50945
6.2MEDIUM
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user.
1/26/2025CWE-256, CWE-522
CVE-2023-27315
6.5MEDIUM
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials
10/12/2023CWE-256, CWE-522
CVE-2026-21660
NONE
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, ex...
2/27/2026CWE-256
CVE-2024-45638
4.1MEDIUM
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
3/14/2025CWE-256