2930 matches found

ICS
added 2022/03/08 12:0 a.m. | 159 views

PTC Axeda agent and Axeda Desktop Server (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...

10 CVSS | 8.5 AI score | 0.03897 EPSS
Exploits 0 | References 5

ICS
added 2022/03/04 12:0 a.m. | 67 views

Trailer Power Line Communications (PLC) J2497

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: Power Line Communications PLC: J2497 a.k.a. PLC4TRUCKS Vulnerabilities: Missing Authentication for Critical Function, Improper Protection against Electromagnetic Fault Injection 2. RISK EVALUATION...

9.1 CVSS | 9.8 AI score | 0.01145 EPSS
Exploits 0 | References 4

Zero Day Initiative
added 2022/02/22 12:0 a.m. | 30 views

(Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the NGINX web server. The issue results from...

6.3 CVSS | 8.3 AI score | 0.04607 EPSS
Exploits 0 | References 1

OSV
added 2022/02/11 6:15 p.m. | 2 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1 CVSS | 5.9 AI score | 0.00836 EPSS
Exploits 0 | References 1

OSV
added 2022/02/11 6:15 p.m. | 4 views

CVE-2021-22823

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

9.1 CVSS | 5.9 AI score
Exploits 0 | References 1

NVD
added 2022/02/11 6:15 p.m. | 8 views

CVE-2021-22805

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...

9.1 CVSS | 0.00836 EPSS
Exploits 0 | References 1

Prion
added 2022/02/11 6:15 p.m. | 11 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21320...

5 CVSS | 9.1 AI score | 0.21388 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/02/11 5:40 p.m. | 49 views

CVE-2021-22823

CVE-2021-22823 affects Schneider Electric IGSS Interactive Graphical SCADA System Data Collector (dc.exe) on v15.0.0.21320 and earlier. It is a CWE-306 Missing Authentication for Critical Function vulnerability caused by lack of validation of network messages, which could lead to deletion of arbi...

9.1 CVSS | 9.1 AI score | 0.21388 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/02/09 11:15 p.m. | 3 views

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5.3 CVSS | 5.8 AI score | 0.00759 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2022/02/09 11:15 p.m. | 4 views

CVE-2022-22809

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5.3 CVSS | 6.1 AI score | 0.00759 EPSS
Exploits 0 | References 3

Prion
added 2022/02/09 11:15 p.m. | 18 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...

5 CVSS | 5.3 AI score | 0.00759 EPSS
Exploits 0 | References 1 | Affected Software 3

CVE
added 2022/02/09 12:0 a.m. | 92 views

CVE-2022-22809

CVE-2022-22809 describes a CWE-306 Missing Authentication for Critical Function affecting Schneider Electric spaceLYnk, Wiser for KNX (formerly homeLYnk), and fellerLYnk, all with version 2.6.2 and prior. The issue allows unauthorized modification of touch configurations due to missing authentica...

5.3 CVSS | 5.2 AI score | 0.00759 EPSS
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2022/02/07 12:0 a.m. | 1 views

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures, which allow attackers to execute arbitrary code.

The vulnerability of the configuration of software solutions for Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus lies in the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to execute...

10 CVSS | 8.5 AI score | 0.93514 EPSS
Exploits 6 | References 8 | Affected Software 3

Tenable Nessus
added 2022/02/07 12:0 a.m. | 19 views

Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Missing Authentication For Critical Function (CVE-2018-4840)

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

7.5 CVSS | 7.4 AI score | 0.01798 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2022/02/07 12:0 a.m. | 14 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10044)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the network could be able to install specially crafted firmware to the device. This plugin only works with Tenable.ot. Please visit...

7.5 CVSS | 7.2 AI score | 0.00826 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2022/02/07 12:0 a.m. | 17 views

Schneider Electric Modicon Controllers Uncaught Exception (CVE-2019-6808)

A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a remote code execution by overwriting configuration settings of the controller over Modbus. This plugin only works with Tenable.ot...

9.8 CVSS | 7.4 AI score | 0.35039 EPSS
Exploits 18 | References 4

Tenable Nessus
added 2022/02/07 12:0 a.m. | 27 views

Siemens SICAM MMU, SICAM T, and SICAM SGU Missing Authentication For Critical Function (CVE-2020-10038)

A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. An attacker with access to the device's web server might be able to execute administrative commands without authentication. This plugin only works with Tenable.ot. Please visit...

9.8 CVSS | 8.3 AI score | 0.01235 EPSS
Exploits 0 | References 3

CNNVD
added 2022/02/04 12:0 a.m. | 19 views

Fleet Authorization Issue Vulnerability

Fleet is a suite of host monitoring platforms. fleet suffers from an authorization issue vulnerability that stems from a limited ability to spoof SAML authentication with missing user authentication. No detailed vulnerability details are currently available...

6.5 CVSS | 5.5 AI score | 0.00875 EPSS
Exploits 0 | References 3

OSV
added 2022/01/28 10:14 p.m. | 4 views

GHSA-7RJP-FGWJ-47RW Missing authentication in ShenYu

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5 CVSS | 5.9 AI score | 0.03771 EPSS
Exploits 0 | References 7

Github Security Blog
added 2022/01/28 10:14 p.m. | 26 views

Missing authentication in ShenYu

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

7.5 CVSS | 1.7 AI score | 0.03771 EPSS
Exploits 0 | References 7 | Affected Software 1