2927 matches found
Omron CS/CJ Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...
CVE-2023-29413
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-29411
CVE-2023-29411 describes a Missing Authentication for Critical Function vulnerability in Schneider Electric’s Easy UPS Online Monitoring Software (Windows APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software). The flaw allows changes to administrative...
PT-2023-2418 · Schneider +1 · Schneider Ups Monitor Service +1
Name of the Vulnerable Software and Affected Versions: Schneider UPS Monitor service affected versions not specified APC Easy UPS Online Monitoring Software affected versions not specified Description: A Missing Authentication for Critical Function issue exists, which could cause Denial-of-Servic...
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
CVE-2022-41331
A missing authentication for critical function vulnerability CWE-306 in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests...
CVE-2023-27497
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely...
CVE-2023-27267
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely...
CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...
PT-2023-21172 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The EventLogServiceCollector of SAP Diagnostics Agent is affected by missing authentication and input sanitization of code, allowing an attacker to execute malicious scripts on all connected...
PT-2023-2328 · Sap · Sap Diagnostic Agent
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720 Description: The issue is related to missing authentication and insufficient input validation in the OSCommand Bridge of the SAP Diagnostics Agent. This allows an attacker with deep knowledge of the system to...
Honeywell OneWireless Wireless Device Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: OneWireless Wireless Device Manager WDM Vulnerabilities: Command Injection, Use of Insufficiently Random Values, Missing Authentication for Critical Function 2. RISK EVALUATION...
Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
Overview SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below. Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2016-2183 Command injection CWE-77 - CVE-2022-36556 Unrestricted upload of file with...