CWE-1240
5 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-1240
- CVE-2023-51392 | MEDIUM | CVSS 6.2 | EG 6.2 | 2024-02-23
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis side-channel attacks.
- CVE-2024-0220 | HIGH | CVSS 8.3 | EG 8.3 | 2024-02-22
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code …
- CVE-2024-0323 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-02-05
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications…
- CVE-2024-37137 | LOW | CVSS 3.8 | EG 5.5 | 2024-06-28
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information dis…
- CVE-2026-44410 | LOW | CVSS 3.8 | EG 3.8 | 2026-05-26
This vulnerability stems from a business logic flaw. Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.