Primary

Context

Hanwha Device Manager Hardcoded Encryption Key Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

A vulnerability has been identified in Hanwha Device Manager, where a hardcoded encryption key is available for decrypting sensitive information. This issue was discovered by Nozomi Networks Labs, which specializes in security for Industrial Control Systems (ICS) and OT/IoT environments. The manufacturer has released a patch for this vulnerability; details can be found in the manufacturer's report.

Impact

Exploitation of this vulnerability allows for the decryption of sensitive information, potentially leading to unauthorized access or disclosure of confidential data.

Remediation

Users are advised to update to the latest firmware version. Please refer to the manufacturer's report for specific details and workarounds.

Added: Dec 26, 2025, 6:16 AM

Updated: Dec 26, 2025, 6:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hanwha Device Manager Hardcoded Encryption Key Vulnerability Allowing Decryption of Sensitive Information

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating