Authentication flaw

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVE-2022-30317

Summary (CVE-2022-30317, Honeywell Experion LX) : The vulnerability arises from the EpicMo protocol (55565/TCP) used by the Honeywell Experion LX DCS for device diagnostics/maintenance, which exposes unauthenticated functionality. Affected products include Experion LX up to 2022-05-06. The issue ...

PEEL-CSRF

The request appears to be vulnerable to cross-site request forgery CSRF attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however, it may facilitate the exploitation of other vulnerabilities affecting application users. The...

CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...