
849 matches found

NVD
added 2022/06/22 10:15 a.m., 14 views

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

7.5 CVSS, 0.01332 EPSS
Exploits 1, References 1

CVE
added 2022/06/22 10:5 a.m., 87 views

CVE-2022-21952

CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...

7.5 CVSS, 7.6 AI score, 0.01332 EPSS
Exploits 1, References 1, Affected Software 1

Tenable Nessus
added 2022/06/22 12:0 a.m., 59 views

Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

9.8 CVSS, 6.4 AI score, 0.0073 EPSS
Exploits 0, References 8

ICS
added 2022/06/21 12:0 a.m., 78 views

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

9.8 CVSS, 10 AI score, 0.00943 EPSS
Exploits 0, References 4

GithubExploit
added 2022/06/13 11:43 a.m., 20 views

Exploit for Missing Authentication for Critical Function in Apache Airflow

CVE-2021-38540 Proof of Concept Missing Authentication on Crit...

9.8 CVSS, 9.7 AI score, 0.80938 EPSS
Exploits 2

BDU FSTEC
added 2022/05/30 12:0 a.m., 2 views

The vulnerability of the TrueConf Server software lies in the lack of authentication for a critical function, which allows a perpetrator to trigger a service failure.

The vulnerability of the TrueConf Server software is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a perpetrator to remotely cause service failures by sending specially crafted requests...

7.8 CVSS, 5.5 AI score
Exploits 0, Affected Software 1

BDU FSTEC
added 2022/05/17 12:0 a.m., 2 views

The vulnerability of the software for providing network connections for NGINX Service Mesh allows a hacker to bypass the authentication process.

The vulnerability of the NGINX Service Mesh software for providing network connections is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the authentication process...

6.5 CVSS, 6.6 AI score, 0.00326 EPSS
Exploits 0, References 4, Affected Software 1

GithubExploit
added 2022/05/11 8:27 p.m., 106 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 This repository consists of the python exploit...

9.8 CVSS, 10 AI score, 0.99956 EPSS
Exploits 63

Vulnrichment
added 2022/04/04 7:45 p.m., 6 views

CVE-2021-33008 AVEVA System Platform Missing Authentication for Critical Function

AVEVA System Platform versions 2017 through 2020 R2 P01 do not perform any authentication for functionality that requires a provable user identity...

8.8 CVSS, 9.2 AI score, 0.01078 EPSS
Exploits 0, References 2

ICS
added 2022/03/29 12:0 a.m., 44 views

Philips e-Alert

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...

6.5 CVSS, 6.9 AI score, 0.00381 EPSS
Exploits 0, References 5

OSV
added 2022/02/11 6:15 p.m., 4 views

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

9.1 CVSS, 5.9 AI score
Exploits 0, References 1

NVD
added 2022/02/11 6:15 p.m., 8 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1 CVSS, 0.00836 EPSS
Exploits 0, References 1

Prion
added 2022/02/11 6:15 p.m., 11 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

5 CVSS, 9.1 AI score, 0.21388 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2022/02/11 5:40 p.m., 49 views

CVE-2021-22823

CVE-2021-22823 affects Schneider Electric IGSS Interactive Graphical SCADA System Data Collector (dc.exe) on v15.0.0.21320 and earlier. It is a CWE-306 Missing Authentication for Critical Function vulnerability caused by lack of validation of network messages, which could lead to deletion of arbi...

9.1 CVSS, 9.1 AI score, 0.21388 EPSS
Exploits 0, References 1, Affected Software 1

BDU FSTEC
added 2022/02/10 12:0 a.m., 3 views

The vulnerability of the graphical interface of the Apache APISIX Dashboard cloud API gateway lies in the lack of authentication for a critical function, allowing attackers to bypass the authentication process.

The vulnerability of the graphical interface of the Apache APISIX Dashboard cloud API gateway is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process...

9.8 CVSS, 7.8 AI score, 0.85943 EPSS
Exploits 5, References 3, Affected Software 1

Prion
added 2022/02/09 11:15 p.m., 18 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5 CVSS, 5.3 AI score, 0.00759 EPSS
Exploits 0, References 1, Affected Software 3

CVE
added 2022/02/09 12:0 a.m., 92 views

CVE-2022-22809

CVE-2022-22809 describes a CWE-306 Missing Authentication for Critical Function affecting Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), and fellerLYnk, all with version 2.6.2 and prior. The issue allows unauthorized modification of touch configurations due to missing authentica...

5.3 CVSS, 5.2 AI score, 0.00759 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2022/02/07 12:0 a.m., 14 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10044)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. This plugin only works with Tenable.ot. Please visit...

7.5 CVSS, 7.2 AI score, 0.00826 EPSS
Exploits 0, References 3

Tenable Nessus
added 2022/02/07 12:0 a.m., 17 views

Schneider Electric Modicon Controllers Uncaught Exception (CVE-2019-6808)

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. This plugin only works with Tenable.ot...

9.8 CVSS, 7.4 AI score, 0.35039 EPSS
Exploits 18, References 4

Vulnrichment
added 2022/01/28 7:9 p.m., 7 views

CVE-2021-26264 Emerson DeltaV Missing Authentication for Critical Function

A specially crafted script could cause the DeltaV Distributed Control System Controllers All Versions to restart and cause a denial-of-service condition...

6.1 CVSS, 6.2 AI score, 0.00186 EPSS
Exploits 0, References 1