Lucene search
K

2963 matches found

ICS
ICS
added 2022/06/28 12:0 a.m.66 views

Motorola Solutions MOSCAD IP and ACE IP Gateways

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...

7.5CVSS8AI score0.00643EPSS
Exploits0References5
OSV
OSV
added 2022/06/24 3:15 p.m.3 views

CVE-2022-1521

LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data...

9.1CVSS5.8AI score0.01024EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/06/23 12:0 a.m.39 views

JTEKT TOYOPUC Missing Authentication For Critical Function (CVE-2022-29951, CVE-2022-29958)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

9.8CVSS8.2AI score0.00943EPSS
Exploits0References5
NVD
NVD
added 2022/06/22 10:15 a.m.20 views

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

7.5CVSS0.01448EPSS
Exploits1References1
OSV
OSV
added 2022/06/22 10:15 a.m.3 views

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

7.5CVSS7.3AI score0.01448EPSS
Exploits1References1
CVE
CVE
added 2022/06/22 10:5 a.m.89 views

CVE-2022-21952

CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...

7.5CVSS7.6AI score0.01448EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/06/22 12:0 a.m.59 views

Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that...

9.8CVSS6.4AI score0.0073EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2022/06/21 12:0 a.m.362 views

SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication

Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run Simple Diagnostics Agent 1.0 Impact on Business Because the Simple Diagnostic Agent SDA handles several important configuration and critical credential information, a successful attack could lead to the control o...

7.8CVSS0.7AI score0.00508EPSS
Exploits2
ICS
ICS
added 2022/06/21 12:0 a.m.69 views

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

9.8CVSS10AI score0.03079EPSS
Exploits1References4
ICS
ICS
added 2022/06/21 12:0 a.m.80 views

JTEKT TOYOPUC

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: JTEKT Equipment: TOYOPUC Products Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology OT...

9.8CVSS10AI score0.00943EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2022/06/20 1:58 a.m.634 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022...

9.8CVSS10AI score0.99956EPSS
Exploits63
ATTACKERKB
ATTACKERKB
added 2022/06/20 12:0 a.m.7 views

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...

7.5CVSS7.2AI score0.01448EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/06/20 12:0 a.m.11 views

PT-2022-15201 · Suse · Suse Manager Server +1

Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46 SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37 Description: A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows...

9.8CVSS7.6AI score0.05994EPSS
Exploits4References64
OSV
OSV
added 2022/06/14 10:15 a.m.3 views

CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

9.8CVSS5.7AI score
Exploits0References2
Prion
Prion
added 2022/06/14 10:15 a.m.19 views

Authentication flaw

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

7.5CVSS9.5AI score0.01098EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/14 9:22 a.m.23 views

CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

8.8CVSS9.8AI score0.01098EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/06/14 12:0 a.m.6 views

PT-2022-21177 · Siemens · Sinema Remote Connect Server

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A missing authentication verification for a resource used to change the roles and permissions of a user has been identified. This could allow an attacker to change the permissio...

9.8CVSS7.4AI score0.01098EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/06/01 12:0 a.m.5 views

The vulnerability of the REST API interface implementation of the software package for working with IoT devices, known as Open Automation Software, arises from the lack of authentication for a critical function. This allows a perpetrator to execute arbitrary code.

The vulnerability of the REST API interface implementation of the software package for working with IoT devices is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HTTP...

9.7CVSS8.2AI score0.37606EPSS
Exploits1References5Affected Software1
Talos
Talos
added 2022/05/25 12:0 a.m.26 views

Open Automation Software Platform Engine SecureAddUser External config control vulnerability

Summary An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests t...

7.5CVSS7.8AI score0.01208EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.6 views

CVE-2022-1557

The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site...

5.4CVSS6.1AI score0.01073EPSS
Exploits2References3
Rows per page
Query Builder