The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for a critical function, allowing attackers to execute arbitrary commands.
The vulnerability of microprogrammed software in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in the absence of authentication for critical functions. Exploiting this vulnerability allows an attacker operating remotely to...
The vulnerability of the if_get_addbook.php component of the White Shark System platform allows an intruder to gain unauthorized access to protected information.
The vulnerability of the if_get_addbook.php component of the White Shark System is related to the lack of authentication for the critical function. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2021-23847 Unauthenticated Information Extraction Vulnerability
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software lies in the lack of authentication for a critical function, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of the _krb5_extract_ticket() function in the Samba networking software package arises from a lack of authentication mechanism checks. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the _krb5_extract_ticket() function in the Samba networking software package is related to the lack of a mechanism for verifying the authenticity of data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause...
F5 BIG-IP Access Control Error Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An information disclosure vulnerability exists in F5 BIG-IP, which stems from a failure to implement any form of authenticatio...
Apache Airflow Access Control Error Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow version 2.0.0, which stems from t...
CVE-2020-27276
In SOOIL Developments Co Ltd DiabecareRS, AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate...
Scalance X Products Critical Function Authentication Missing Vulnerability
SCALANCE X is a switch for connecting industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs). The Scalance X Products Critical Function Authentication Missing vulnerability can be exploited by an attacker to reboot the device over a network...
The vulnerability of the web interface of the Cisco Vision Dynamic Signage Director system allows a perpetrator to access protected information.
The vulnerability of the Cisco Vision Dynamic Signage Director digital content management web interface is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to gain access to protected information...
D-link DSR-250 Input Validation Error Vulnerability
The D-Link DSR-250 is an 8-port Gigabit VPN router with dynamic Web content filtering. A command injection vulnerability exists in the Unified Services Router web interface of the D-Link DSR-250 3.17. The vulnerability stems from a lack of authentication of input provided in a multipart HTTP POST...
The vulnerability of HiSilicon Hi3520D microprogramming chip software lies in the lack of authentication for a critical function, allowing attackers to trigger a service failure or execute arbitrary code.
The vulnerability of HiSilicon Hi3520D chipset’s microprogramming software is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker to trigger a service failure or execute arbitrary code...
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.
The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of an authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...
SAP Solution Manager Missing Authentication Check Vulnerability (CNVD-2020-62930)
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
CVE-2020-24033
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with...
CVE-2020-3461 Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. The vulnerability is due to missing authentication on a specific part of the web-based...
CVE-2020-6287
SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...
Micro Air Vehicle Link Access Control Error Vulnerability
Micro Air Vehicle Link (MAVLink) is a lightweight messaging protocol from the Dronecode project that is primarily used for communication between ground control terminals (ground stations) and UAVs as well as between airborne UAV components. An access control error vulnerability exists in MAVLink, whi...
The vulnerability of the software key storage mechanism of Cisco Application Services Engine allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Application Services Engine software repository is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2020-10272
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...