855 matches found

BDU FSTEC
added 2021/11/11 12:0 a.m. | 3 views

The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, which allows an intruder to trigger a service failure.

The vulnerability of the KrServerBDdemoRT.exe module of the “KRUG-2000” SCADA system is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder, operating remotely, to cause service interruptions...

8.5 CVSS | 5.5 AI score
Exploits: 0

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 28 views

SAP NetWeaver Missing Authentication for Critical Function Vulnerability

SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...

10 CVSS | 9.4 AI score | 0.94719 EPSS
In wild | Exploits: 6

ICS
added 2021/10/12 12:0 a.m. | 46 views

Siemens SIMATIC Process Historian

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Process Historian Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable the execution of...

8.1 CVSS | 8.6 AI score | 0.00776 EPSS
Exploits: 0 | References: 11

VulnCheck KEV
added 2021/09/23 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2022-1388

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services...

9.8 CVSS | 7.7 AI score | 0.99956 EPSS
Exploits: 63 | References: 1

ICS
added 2021/09/14 12:0 a.m. | 47 views

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

5.3 CVSS | 5.6 AI score | 0.00804 EPSS
Exploits: 0 | References: 11

BDU FSTEC
added 2021/08/30 12:0 a.m. | 1 views

The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.

The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...

7.1 CVSS | 7.5 AI score | 0.0124 EPSS
Exploits: 0 | References: 2

CVE
added 2021/08/25 11:19 a.m. | 44 views

CVE-2021-33882

CVE-2021-33882 affects B. Braun SpaceCom2 prior to 012U000062 and is a Missing Authentication for Critical Function issue that lets a remote attacker reconfigure the device via unauthenticated commands on the SpaceCom/SpaceStation interface. Public Red Hat/US advisories and the McAfee/Trellix ana...

8.6 CVSS | 8.5 AI score | 0.011 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2021/08/10 12:0 a.m. | 24 views

Siemens Sicam Missing Authentication for Critical Function

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. File data ot500482.nasl...

5 CVSS | 4.2 AI score | 0.00826 EPSS
Exploits: 0 | References: 2

Cvelist
added 2021/07/22 6:27 p.m. | 30 views

CVE-2020-7389 Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment

Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production...

5.5 CVSS | 7.1 AI score | 0.02071 EPSS
Exploits: 1 | References: 1

Cvelist
added 2021/07/21 10:40 a.m. | 43 views

CVE-2021-22784

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system...

5.8 AI score | 0.12083 EPSS
Exploits: 1 | References: 2

Cvelist
added 2021/07/08 7:40 a.m. | 29 views

CVE-2021-28809 Missing Authentication for Critical Function in RTRR Server in HBS3

An improper access control vulnerability has been reported to affect certain legacy versions of HBS 3. If exploited, this vulnerability allows attackers to compromise the security of the operating system. QNAP have already fixed this vulnerability in the following versions of HBS 3: QTS 4.3.6: HBS...

9.8 CVSS | 9.5 AI score | 0.15678 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2021/06/29 5:23 p.m. | 61 views

Missing Authentication for Critical Function

Shopware is an open source eCommerce platform. Creation of order credits was not validated by ACL in admin orders. Users are recommended to update to the current version 6.4.1.1. You can get the update to 6.4.1.1 regularly via the Auto-Updater or directly via the download overview. For older versio...

4.9 CVSS | 4.1 AI score | 0.00626 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Packet Storm
added 2021/06/15 12:0 a.m. | 318 views

SAP Netweaver JAVA 7.50 Missing Authorization

Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...

9 CVSS | 0.4 AI score | 0.04708 EPSS
Exploits: 1

OSV
added 2021/06/03 4:15 p.m. | 3 views

CVE-2021-22316

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability...

6.8 CVSS | 5.8 AI score | 0.00185 EPSS
Exploits: 0 | References: 1

OSV
added 2021/06/03 4:15 p.m. | 4 views

CVE-2021-22322

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

7.5 CVSS | 7.1 AI score | 0.00728 EPSS
Exploits: 0 | References: 1

Prion
added 2021/06/03 4:15 p.m. | 23 views

Authentication flaw

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality...

5 CVSS | 7.6 AI score | 0.00728 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2021/06/03 3:49 p.m. | 61 views

CVE-2021-22322

Technical details are not publicly available in the provided documents. Monitor for updates.

7.5 CVSS | 7.5 AI score | 0.00728 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

GitLab Advisory Database
added 2021/04/27 12:0 a.m. | 27 views

Missing Authentication for Critical Function

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the...

8.6 CVSS | 2.3 AI score | 0.64697 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2021/04/26 1:15 a.m. | 4 views

CVE-2021-20697

Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors...

9.8 CVSS | 6.7 AI score
Exploits: 0 | References: 2

BDU FSTEC
added 2021/04/14 12:0 a.m. | 3 views

The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software lies in the lack of authentication for a critical function, allowing an intruder to gain unauthorized access to protected information.

The vulnerability of Siemens LOGO!8 BM programmable logic controller’s microprogramming software is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

9.4 CVSS | 7.7 AI score | 0.0199 EPSS
Exploits: 0 | References: 3