CWE-522 - Insufficiently Protected Credentials

Description

This weakness occurs when the application transmits or stores authentication credentials and uses an insecure method that is susceptible to unauthorized interception and/or retrieval. An attacker can gain access to user accounts and access sensitive data used by the user accounts. The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-522

Multiple vulnerabilities in Rockwell Automation FactoryTalk AssetCentre 2025-01-31
High Yes

Multiple vulnerabilities in ABB ASPECT-Enterprise, NEXUS, and MATRIX Series products 2025-01-13
High Yes

Multiple vulnerabilities in HPE Cloudline CL4150 Gen10 Server 2025-01-06
High Yes

Insufficiently protected credentials in Siemens CPCI85 Central Processing/Communication 2024-12-11
Low Yes

Insufficiently protected credentials in Zabbix 2024-12-05
Low Yes

Multiple vulnerabilities in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 and M580 Safety PLCs 2024-11-29
High Yes

Insufficiently protected credentials in Zyxel USG FLEX H 2024-10-22
Low Yes

Multiple vulnerabilities in Elvaco M-Bus Metering Gateway CMe3100 2024-10-22
High No

Insufficiently protected credentials in HMS Networks EWON FLEXY 202 2024-10-18
High Yes

Multiple vulnerabilities in Kieback&Peter DDC4000 Series 2024-10-18
High Yes

References

Description of CWE-522 on Mitre website