Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Credential Exposure vulnerability in MEPIS RM
Vulnerability Description
A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords before storing them in the application’s database. An attacker with sufficient privileges to access the database could extract the encrypted passwords, decrypt them using the embedded key, and gain unauthorized access to the associated ICS/OT environment.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
MEPIS RM 安全漏洞
Vulnerability Description
MEPIS RM是斯洛文尼亚MEPIS公司的一款用于设备集中监控与远程控制的管理平台。 MEPIS RM存在安全漏洞,该漏洞源于Mx.Web.ComponentModel.dll组件中存在硬编码加密密钥,可能导致攻击者解密用户密码并获取未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A