CVE-2017-8861

Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets...

JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication Vulnerability

JanTek JTC-200 RS232-NET Connector suffers from cross site request forgery and missing authentication vulnerabilities...

JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication

Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication Advisory URL: https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02 CVE-ID...

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

CVE-2017-13997

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

Authentication flaw

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

CVE-2017-1483

IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621...

IBM Security Identity Manager Unauthorized Access Vulnerability

IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States that automates the creation, modification, re-authentication, and termination of user privileges throughout the user lifecycle and supports policy-based password...

Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Application Performance Management Staging Data Replicator. The specific flaw exists within the hpbsmsdr web service, which listens on TCP port 29921 by default. The...

Schneider Electric InduSoft Web Studio, InTouch Machine Edition

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the...

D-Link DIR Router Missing Authentication Check

The remote D-Link DIR router does not enforce authentication when a remote user requests registersend.php. An attacker can use this weakness to recover the administrator password. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid103219; scriptversion"1.5";...

CVE-2017-12733

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...

Authentication flaw

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may crea...

CVE-2017-12733

CVE-2017-12733 affects OPW Fuel Management Systems SiteSentinel Integra 100, Integra 500, and SiteSentinel iSite ATG consoles with firmware older than V175, V175–V189, V191–V195, and V16Q3.1. The vulnerability arises from Missing Authentication for a Critical Function, allowing an attacker to cre...

Oracle MICROS POS missing authorisation check

Application: Oracle MICROS POS Versions Affected: Oracle Hospitality Simphony 2.7-2.9 Vendor URL: Oracle Bug: Missing Authentication for Critical Function Reported: 21.07.2017 Vendor response: 22.07.2017 Date of Public Advisory: 17.01.2018 Reference: Oracle CPU January 2018 Author: Dmitry Chastuh...

Junos OS Elevation of Privilege Vulnerability in Multiple Juniper Products

Juniper QFX5110 series and others are products of Juniper Networks, Inc. The QFX5110 series is a series of Ethernet switches; the Juniper vSRX series is a series of firewall emulator products; and the SRX1500 series is a series of firewall appliances. Junos OS is one of the operating systems. A...

Siemens OZW672 and OZW772

CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: OZW672 and OZW772 Vulnerabilities: Missing Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following OZW672 and OZW772 devices for monitoring building controller...

HP SiteScope Multiple Vulnerabilities

HP SiteScope is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:hp:sitescope"; ifdescription...

HPE SiteScope contains multiple vulnerabilities

Overview HPE's SiteScope is vulnerable to several cryptographic issues, insufficiently protected credentials, and missing authentication. Description HPE's SiteScope is vulnerable to several vulnerabilities. The researcher reports that version 11.31.461 is affected; other versions may also be...

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server Vendor URL: SAP Bug: Missing Authentication Check Reported: 15.05.2017 Vendor response: 16.05.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: Missing Authentication...