849 matches found
Honeywell OneWireless Wireless Device Manager
1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Honeywell. Equipment: OneWireless Wireless Device Manager (WDM). Vulnerabilities: Command Injection, Use of Insufficiently Random Values, Missing Authentication for Critical Function. 2. RISK EVALUATION...
CVE-2023-27983
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data...
CVE-2023-27980
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected...
CVE-2023-27980
CVE-2023-27980 : A CWE-306 vulnerability exists in Schneider Electric IGSS components (Data Server, Dashboard, Custom Reports) with versions 16.0.0.23040 and prior. The issue is a missing authentication for a critical function in the Data Server TCP interface, enabling creation of a malicious rep...
CVE-2023-27983
CVE-2023-27983 is a Missing Authentication for Critical Function (CWE-306) vulnerability in Schneider Electric IGSS components. The issue resides in the Data Server TCP interface and could allow deletion of reports from the IGSS project report directory, leading to data loss. Affected products/ve...
Wago Multiple Products Web-based Management Missing Authentication for Critical Function (CVE-2022-45138)
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...
The vulnerability of the MKLogic-500 PLC configuration protocol, related to the lack of authentication for critical functions, allows attackers to alter the device’s operating logic.
The vulnerability of the MKLogic-500 PLC configuration protocol lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to alter the device’s operating logic...
The vulnerability in the web-based interface for controlling programmable logic controllers WAGO PFC100/PFC200, CC100, Edge Controller, and sensor panels WAGO Touch Panel 600 allows an intruder to execute arbitrary code.
The vulnerability of the web-based interface for controlling WAGO PFC100/PFC200, CC100, Edge Controller, and WAGO Touch Panel 600 programmable logic controllers is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating...
CVE-2022-45138 WAGO: Missing Authentication for Critical Function
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the devic...
Authentication flaw
Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000...
CVE-2023-0919
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
Authentication flaw
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
PT-2023-6678 · Kareadita · Kavita
Name of the Vulnerable Software and Affected Versions: kareadita/kavita versions prior to 0.7.0 Description: The issue is related to a missing authentication for a critical function in the kareadita/kavita GitHub repository. This could allow a remote attacker to impact the confidentiality and...
CVE-2023-22803
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily...
SUSE CVE-2021-36780
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...