
2927 matches found

OSV
added 2023/02/09 5:15 p.m., 1 view

CVE-2022-48300

The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

CVSS 7.5, AI score 5.8, EPSS 0.00417
Exploits 0, References 2

ICS
added 2023/02/09 12:0 a.m., 37 views

LS ELECTRIC XBC-DN32U

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: XBC-DN32U Vulnerabilities: Missing Authentication for Critical Function, Improper Access Control, Cleartext Transmission of Sensitive...

CVSS 9.8, AI score 8, EPSS 0.00724
Exploits 0, References 4

OSV
added 2023/02/08 10:15 a.m., 2 views

CVE-2022-43761

Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...

CVSS 7.5, AI score 5.8, EPSS 0.00551
Exploits 0, References 1

Prion
added 2023/02/08 10:15 a.m., 20 views

Authentication flaw

Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...

CVSS 5, AI score 7.6, EPSS 0.00551
Exploits 0, References 1, Affected Software 1

OSV
added 2023/02/06 11:15 p.m., 3 views

CVE-2022-3229

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code ...

CVSS 9.8, AI score 5.8, EPSS 0.66354
Exploits 4, References 1

GithubExploit
added 2023/02/06 4:18 a.m., 731 views

Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite

CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...

CVSS 9.8, AI score 9.7, EPSS 0.98342
Exploits 7

GithubExploit
added 2023/02/06 4:18 a.m., 486 views

Exploit for Missing Authentication for Critical Function in Oracle E-Business_Suite

CVE-2022-21587-POC- CVE-2022-21587 POC file exploit.py w...

CVSS 9.8, AI score 9.7, EPSS 0.98342
Exploits 7

OSV
added 2023/02/01 4:15 a.m., 1 view

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...

CVSS 9.8, AI score 5.8, EPSS 0.00712
Exploits 0, References 1

CVE
added 2023/02/01 12:0 a.m., 79 views

CVE-2022-42970

Schneider Electric APC Easy UPS Online Monitoring Software (Schneider Electric/APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA (Windows 7/10/11 and Windows Server 2016/2019/2022) and prior to V2.5-GA-01-22261 (Windows 11/Server 2019/2022) are affected by CVE-2022-42970 due to m...

CVSS 9.8, AI score 9.5, EPSS 0.00712
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/02/01 12:0 a.m., 30 views

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...

CVSS 9.8, AI score 9.8, EPSS 0.00712
Exploits 0, References 1

OSV
added 2023/01/30 11:15 p.m., 1 view

CVE-2022-32528

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS...

CVSS 9.1, AI score 5.8
Exploits 0, References 1

CVE
added 2023/01/30 12:0 a.m., 48 views

CVE-2022-32528

The CVE-2022-32528 entry concerns Schneider Electric IGSS Data Server (IGSSdataServer.exe) prior to version V15.0.0.22170. The issue is a CWE-306 Missing Authentication for Critical Function vulnerability that could allow an attacker to manipulate and read files in the IGSS project report directo...

CVSS 9.1, AI score 8.9, EPSS 0.0047
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2023/01/25 12:0 a.m., 16 views

Phoenix Contact Classic Line Industrial Controllers Missing Authentication For Critical Function (CVE-2019-9201)

Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories. This plugin only works with Tenable.ot. Please visit...

AI score 9.6, EPSS 0.03079
Exploits 1, References 4

Cvelist
added 2023/01/20 9:23 p.m., 35 views

CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...

CVSS 9.8, AI score 9.7, EPSS 0.0071
Exploits 0, References 1

Vulnrichment
added 2023/01/20 9:23 p.m., 11 views

CVE-2023-0052 SAUTER Controls Nova 200–220 Series Missing Authentication for Critical Function

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...

CVSS 9.8, AI score 7.3, EPSS 0.0071
Exploits 0, References 1

Vulnrichment
added 2023/01/19 11:27 a.m., 5 views

CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...

CVSS 5.9, AI score 6.9, EPSS 0.00625
Exploits 0, References 1

GithubExploit
added 2023/01/17 2:58 p.m., 557 views

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 CVE-2022-46463 POC https://nvd.nist.gov/vuln...

CVSS 7.5, AI score 7.6, EPSS 0.06237
Exploits 2

ICS
added 2023/01/12 12:0 a.m., 115 views

SAUTER Controls Nova 200 - 220 Series (PLC 6)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: Nova 200–220 Series PLC 6 Vulnerabilities: Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful...

CVSS 9.8, AI score 9.2, EPSS 0.0071
Exploits 0, References 4

Tenable Nessus
added 2022/12/15 12:0 a.m., 24 views

SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P11 / 4.3 < 4.3 SP2 P8 Multiple Vulnerabilities

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P11, 4.3 SP2 P8 or 4.3 SP3. It is, therefore, affected by multiple vulnerabilities: - A server-side request forgery vulnerability SSRF where an attacker with normal BI user...

CVSS 9.9, AI score 6.4, EPSS 0.00791
Exploits 0, References 5

Positive Technologies
added 2022/12/13 12:0 a.m., 5 views

PT-2022-5821 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...

CVSS 9.8, AI score 9.3, EPSS 0.00712
Exploits 0, References 7