Skip to main content

CWE-317

Cleartext Storage of Sensitive Information in GUI

5 CVEs Avg CVSS 6.9 MITRE
1
CRITICAL
1
HIGH
3
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2025-14816 CRITICAL CISA Emergency

SQL Server credentials are displayed in cleartext within the Hyper Historian Splitter GUI across multiple Mitsubishi Electric SCADA/HMI platforms (GENESIS64, ICONICS Suite, MC Works64, and related products), allowing local authenticated attackers with low privileges to capture database credentials and subsequently gain unauthorized access to backend SQL Servers. This affects versions 10.97.3 and prior for most products and all versions of MC Works64. No active exploitation confirmed (not in CISA KEV), though CISA has issued ICS advisory ICSA-26-097-01. With a CVSS 9.3 (Critical) score reflecting high confidentiality, integrity, and availability impact on both vulnerable and subsequent systems, the risk centers on credential theft enabling downstream SQL Server compromise.

Information Disclosure Genesis64 Iconics Suite Mobilehmi Hyper Historian +3
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-24431 MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.

Information Disclosure W30e Firmware
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2022-29090 MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-0354 HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2019-13947 MEDIUM This Month

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD
CVSS 3.1
4.9
EPSS
0.9%
EPSS 0% CVSS 9.3
CRITICAL Emergency

SQL Server credentials are displayed in cleartext within the Hyper Historian Splitter GUI across multiple Mitsubishi Electric SCADA/HMI platforms (GENESIS64, ICONICS Suite, MC Works64, and related products), allowing local authenticated attackers with low privileges to capture database credentials and subsequently gain unauthorized access to backend SQL Servers. This affects versions 10.97.3 and prior for most products and all versions of MC Works64. No active exploitation confirmed (not in CISA KEV), though CISA has issued ICS advisory ICSA-26-097-01. With a CVSS 9.3 (Critical) score reflecting high confidentiality, integrity, and availability impact on both vulnerable and subsequent systems, the risk centers on credential theft enabling downstream SQL Server compromise.

Information Disclosure Genesis64 Iconics Suite +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tenda W30E V2 firmware through V16.01.0.19(5037) exposes stored administrative passwords in plaintext on the management interface, allowing any authenticated user to retrieve credentials. This information disclosure affects administrative account security and could enable privilege escalation or lateral movement. No patch is currently available.

Information Disclosure W30e Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Management Suite
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure System Update
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM This Month

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sinvr 3 Central Control Server Sinvr 3 Video Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy