Siemens SIMATIC eaSie Core Package

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC eaSie Vulnerabilities: Improper Input Validation, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Bently Nevada ADAPT 3701/4X Series and 60M100

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada Equipment: 3701/4X series and 60M100 3701/60 Condition Monitoring System Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function CISA is aware of a...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388 - refresh PoC for exploiting CVE-2022-1388 on B...

Motorola Solutions MOSCAD IP and ACE IP Gateways

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection 2. RISK EVALUATION Successful exploitation of these...

CVE-2022-1521

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...

JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

CVE-2022-21952

CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...

Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication

Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run Simple Diagnostics Agent 1.0 Impact on Business Because the Simple Diagnostic Agent SDA handles several important configuration and critical credential information, a successful attack could lead to the control o...

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022...

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

PT-2022-15201 · Suse · Suse Manager Server +1

Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46 SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37 Description: A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows...

CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

Authentication flaw

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...