9.8
CVE-2026-22906
- EPSS 0.07%
- Veröffentlicht 09.02.2026 07:40:33
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
Hardcoded Key Allows Credential Disclosure
User credentials are stored using AES‑ECB encryption with a hardcoded key. An unauthenticated remote attacker obtaining the configuration file can decrypt and recover plaintext usernames and passwords, especially when combined with the authentication bypass.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerWAGO
≫
Produkt
0852-1322
Default Statusunaffected
Version <=
2.64
Version
0.0.0
Status
affected
HerstellerWAGO
≫
Produkt
0852-1328
Default Statusunaffected
Version <=
2.64
Version
0.0.0
Status
affected
HerstellerWAGO
≫
Produkt
0852-1322
Default Statusunaffected
Version
2.64
Status
affected
HerstellerWAGO
≫
Produkt
0852-1328
Default Statusunaffected
Version
2.64
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.2 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| info@cert.vde.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.