864 matches found

CVE
added 2020/11/19 12:0 a.m. · 67 views

CVE-2020-7561

The CVE-2020-7561 issue affects Schneider Electric Easergy T300 firmware 2.7 and older. The root cause is Missing Authentication for Critical Function (CWE-306), potentially allowing a remote attacker to access protected resources, leading to information exposure, denial of service, and remote co...

9.8 CVSS · 9.3 AI score · 0.03032 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2020/11/19 12:0 a.m. · 5 views

PT-2020-6314 · Schneider Electric · Easergy T300

Name of the Vulnerable Software and Affected Versions: Easergy T300 versions 2.7 and older Description: A missing authentication for critical function issue exists, which could cause problems including information exposure, denial of service, and command execution when access to a resource from a...

10 CVSS · 10 AI score · 0.03032 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2020/10/14 12:0 a.m. · 3 views

The vulnerability of the device controller in the Cisco Data Center Network Manager system allows an intruder to perform arbitrary actions on the vulnerable device.

The vulnerability of the Data Center Network Manager DCNM device relates to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to perform arbitrary actions on the vulnerable device...

7.5 CVSS · 7.9 AI score · 0.01152 EPSS
Exploits 0 · References 2

Prion
added 2020/09/10 3:15 p.m. · 17 views

Design/Logic Flaw

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing...

5 CVSS · 5.4 AI score · 0.01634 EPSS
Exploits 2 · References 1 · Affected Software 1

OSV
added 2020/08/07 8:15 p.m. · 3 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

9.1 CVSS · 7.3 AI score
Exploits 0 · References 2

Prion
added 2020/08/07 8:15 p.m. · 16 views

Authentication flaw

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

6.4 CVSS · 8.8 AI score · 0.0215 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2020/08/07 7:25 p.m. · 15 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

9.1 AI score · 0.0215 EPSS
Exploits 1 · References 2

CVE
added 2020/08/07 7:25 p.m. · 60 views

CVE-2020-16167

CVE-2020-16167, CVE-2020-16168 and CVE-2020-16169 pertain to temi robot’s IoT stack. The Connected documents confirm: (1) Missing Authentication for Critical Functions allowed publishing/subscribing to MQTT topics and inter-app privilege escalation (CVE-16167) enabling an attacker to subscribe to...

9.1 CVSS · 8.9 AI score · 0.0215 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2020/07/23 12:0 a.m. · 5 views

The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

5.3 CVSS · 6.3 AI score · 0.01577 EPSS
Exploits 0 · References 2

ICS
added 2020/07/07 12:0 a.m. · 54 views

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

7.5 CVSS · 8.2 AI score · 0.01519 EPSS
Exploits 0 · References 5

OSV
added 2020/04/29 11:15 p.m. · 2 views

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

9.8 CVSS · 7.3 AI score · 0.70081 EPSS
Exploits 1 · References 1

NVD
added 2020/04/29 11:15 p.m. · 17 views

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

9.8 CVSS · 9.6 AI score · 0.70081 EPSS
Exploits 1 · References 1

Positive Technologies
added 2020/04/29 12:0 a.m. · 4 views

PT-2020-11147 · Abb · Abb Microscada Pro Sys600

Name of the Vulnerable Software and Affected Versions: ABB MicroSCADA Pro SYS600 version 9.3 Description: The issue is related to missing authentication for a critical function, as described by the instance of CWE-306. This means that the software lacks proper authentication mechanisms, potential...

9.8 CVSS · 9.4 AI score · 0.70081 EPSS
Exploits 1 · References 5

NVD
added 2020/04/14 5:15 p.m. · 12 views

CVE-2019-16879

The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function CWE-306 vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or...

9.8 CVSS · 6.3 AI score · 0.0137 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2020/04/08 12:0 a.m. · 16 views

Advantech WebAccess/NMS UsersInputAction Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the usersInputAction.action endpoint. Authentication i...

7.5 CVSS · 3.5 AI score · 0.01624 EPSS
Exploits 0 · References 1

ICS
added 2020/03/24 12:0 a.m. · 88 views

Schneider Electric IGSS SCADA Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Path Traversal, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of...

7.8 CVSS · 8.5 AI score · 0.03966 EPSS
Exploits 0 · References 5

NVD
added 2020/03/23 8:15 p.m. · 19 views

CVE-2020-7479

A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS Versions 14 and prior using the service: IGSSupdate, which could allow a local user to execute processes that otherwise require escalation privileges when sending local network commands to the IGSS Update Service...

7.8 CVSS · 8 AI score · 0.00509 EPSS
Exploits 0 · References 2

GithubExploit
added 2020/02/14 10:33 a.m. · 81 views

Exploit for Missing Authentication for Critical Function in Atlassian Jira

CVE-2019-8449 Proof Of Concept Exploit f...

5.3 CVSS · 5.8 AI score · 0.84771 EPSS
Exploits 8

Cvelist
added 2020/02/07 7:57 p.m. · 23 views

CVE-2020-6769 Missing Authentication for Critical Function in Bosch Video Streaming Gateway

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded...

10 CVSS · 9.6 AI score · 0.02216 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2019/11/08 12:0 a.m. · 34 views

Schneider-electric Modicon Missing Authentication for Critical Function

A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC...

8.2 CVSS · 1.8 AI score · 0.0124 EPSS
Exploits 0 · References 2