Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to multiple interconnected systems. | |
| Title | Use of Hard-coded Credentials in StoneFly Storage Concentrator | |
| Weaknesses | CWE-798 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2026-06-30T22:54:42.362Z
Reserved: 2026-06-22T20:13:36.505Z
Link: CVE-2026-50110
No data.
No data.
No data.
OpenCVE Enrichment
No data.