Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Credentials read locally from a config file (AV:L) with no further auth, and the recovered secrets unlock other back-end systems, justifying S:C with high C/I and low A impact.
Primary rating from Vendor (hq).
CVSS VectorVendor: hq
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
AnalysisAI
Credential exposure in StoneFly Storage Concentrator (SC) and its virtual machine variant (SCVM) lets an attacker recover plaintext credentials for numerous internal services from a configuration file where they are stored using reversible encoding rather than encryption. The hardcoded accounts cover databases, licensing, replication, and third-party integrations, so recovering them grants pivoting access across multiple interconnected systems. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires local access to read the appliance configuration file on StoneFly Storage Concentrator (SC) or SCVM where the encoded credentials reside (CVSS AV:L), after which no further authentication or user interaction is modeled (PR:N/UI:N) - the attacker simply reverses the known encoding to obtain plaintext. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals partly conflict and warrant careful triage. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local or administrative access to an SC/SCVM appliance - for example a semi-trusted operator, a contractor, or an adversary who has already gained an initial foothold - reads the configuration file and applies the known reversible decoding to recover plaintext service credentials. They then reuse the recovered database, replication, and integration passwords to authenticate to connected back-end systems and pivot laterally across the storage environment. … |
| Remediation | No vendor-released patch version is identified in the provided data - review the CISA advisory ICSA-26-181-06 (https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-06) and contact StoneFly (https://stonefly.com/contact-us/) for the fixed firmware/SCVM release and apply it as the primary fix; if the vendor provides a build that rotates or randomizes the embedded credentials, deploy it and then force-rotate every affected back-end secret (database, licensing, replication, integration accounts), since the original cleartext values must be considered compromised. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit and restrict local access (physical console, SSH, RDP) to all StoneFly SC/SCVM instances; review access logs for unauthorized activity; notify teams managing systems that consume StoneFly credentials. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40846
GHSA-7x9m-9r4j-r94f