Siemens SCALANCE X Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Products Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

The vulnerability of HiSilicon Hi3520D microprogramming chip software lies in the lack of authentication for a critical function, allowing attackers to trigger a service failure or execute arbitrary code.

The vulnerability of HiSilicon Hi3520D chipset’s microprogramming software is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an attacker to trigger a service failure or execute arbitrary code...

CVE-2020-7540

CVE-2020-7540 affects Schneider Electric Modicon Web Server components on Modicon M340, and legacy Modicon Quantum and Premium, plus associated communication modules. The root cause is CWE-306 Missing Authentication for Critical Function, enabling unauthenticated command execution via specially c...

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

PT-2020-6314 · Schneider Electric · Easergy T300

Name of the Vulnerable Software and Affected Versions: Easergy T300 versions 2.7 and older Description: A missing authentication for critical function issue exists, which could cause problems including information exposure, denial of service, and command execution when access to a resource from a...

CVE-2020-7561

The CVE-2020-7561 issue affects Schneider Electric Easergy T300 firmware 2.7 and older. The root cause is Missing Authentication for Critical Function (CWE-306), potentially allowing a remote attacker to access protected resources, leading to information exposure, denial of service, and remote co...

The vulnerability of the device controller in the Cisco Data Center Network Manager system allows a intruder to perform arbitrary actions on the vulnerable device.

The vulnerability of the Data Center Network Manager DCNM device relates to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to perform arbitrary actions on the vulnerable device...

Design/Logic Flaw

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing...

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

Authentication flaw

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVE-2020-16167

CVE-2020-16167, CVE-2020-16168 and CVE-2020-16169 pertain to temi robot’s IoT stack. The Connected documents confirm: (1) Missing Authentication for Critical Functions allowed publishing/subscribing to MQTT topics and inter-app privilege escalation (CVE-16167) enabling an attacker to subscribe to...

The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

Grundfos CIM 500

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

CVE-2019-5620

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function...

PT-2020-11147 · Abb · Abb Microscada Pro Sys600

Name of the Vulnerable Software and Affected Versions: ABB MicroSCADA Pro SYS600 version 9.3 Description: The issue is related to missing authentication for a critical function, as described by the instance of CWE-306. This means that the software lacks proper authentication mechanisms, potential...

CVE-2019-16879

The Synergy Systems & Solutions SSS HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function CWE-306 vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or...

Advantech WebAccess/NMS UsersInputAction Missing Authentication for Critical Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the usersInputAction.action endpoint. Authentication i...