CWE-836

Use of Password Hash Instead of Password for Authentication

2 CVEs Avg CVSS 4.8 MITRE
0
CRITICAL
0
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-52543 MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48925 MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-52543
EPSS 0% CVSS 5.3
MEDIUM This Month

E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E3 Supervisory Controller Firmware
NVD
CVE-2025-48925
EPSS 0% CVSS 4.3
MEDIUM Monitor

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Telemessage
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy