Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-6440

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-24 Jan, 2013 | 21:00
Updated At-30 Jun, 2025 | 22:03
Rejected At-
Credits

Rockwell Automation ControlLogix PLC Improper Input Validation

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:24 Jan, 2013 | 21:00
Updated At:30 Jun, 2025 | 22:03
Rejected At:
▼CVE Numbering Authority (CNA)
Rockwell Automation ControlLogix PLC Improper Input Validation

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

Affected Products
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1756-ENBT, 1756-EWEB, 1768-ENBT, 1768-EWEB communication modules
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
CompactLogix L32E and L35E controllers
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1788-ENBT FLEXLogix adapter
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
1794-AENTR FLEX I/O EtherNet/IP adapter
Default Status
unaffected
Versions
Affected
  • All
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
ControlLogix, CompactLogix, GuardLogix, and SoftLogix
Default Status
unaffected
Versions
Affected
  • From 0 through 18 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
CompactLogix and SoftLogix controllers
Default Status
unaffected
Versions
Affected
  • From 0 through 19 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
ControlLogix and GuardLogix controllers
Default Status
unaffected
Versions
Affected
  • From 0 through 20 (custom)
Vendor
Rockwell Automation, Inc.Rockwell Automation
Product
MicroLogix
Default Status
unaffected
Versions
Affected
  • 1100
  • 1400
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287
Type: CWE
CWE ID: CWE-287
Description: CWE-287
Metrics
VersionBase scoreBase severityVector
2.09.3N/A
AV:N/AC:M/Au:N/C:C/I:C/A:C
Version: 2.0
Base score: 9.3
Base severity: N/A
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

According to Rockwell, any of the above products that become affected by a vulnerability can be reset by rebooting or power cycling the affected product. After the reboot, the affected product may require some reconfiguration. To mitigate the vulnerabilities, Rockwell has developed and released security patches on July 18, 2012, to address each of the issues. To download and install the patches please refer to Rockwell’s Advisories at: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155 https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156 For more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 .

Configurations
Workarounds

Rockwell recommends updating to the newest firmware patches to fix the vulnerabilities, but if not able to do so right away, then Rockwell advises immediately employing the following mitigations for each of the affected products. To mitigate the vulnerability with the Web server password authentication mechanism: * Upgrade the MicroLogix 1400 firmware to FRN 12 or higher. * Because of limitations in the MicroLogix 1100 platform, none of the firmware updates will be able to fix this issue, so users should use the following techniques to help reduce the likelihood of compromise. * Where possible, disable the Web server and change all default Administrator and Guest passwords. * If Web server functionality is needed, then Rockwell recommends upgrading the product’s firmware to the most current version to have the newest enhanced protections available such as: * When a controller receives two consecutive invalid authentication requests from an HTTP client, the controller resets the Authentication Counter after 60 minutes. * When a controller receives 10 invalid authentication requests from any HTTP client, it will not accept any valid or invalid authentication packets until a 24-hour HTTP Server Lock Timer timeout. * If Web server functionality is needed, Rockwell also recommends configuring user accounts to have READ only access to the product so those accounts cannot be used to make configuration change In addition to the above, Rockwell recommends concerned customers remain vigilant and continue to follow security strategies that help reduce risk and enhance overall control system security. Where possible, they suggest you apply multiple recommendations and complement this list with your own best-practices: * Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.ab.com/networks/architectures.html for comprehensive information about implementing validated architectures designed to deliver these measures. * Restrict physical and electronic access to automation products, networks, and systems to only those individuals authorized to be in contact with control system equipment. * Employ firewalls with ingress/egress filtering, intrusion detection/prevention systems, and validate all configurations. Evaluate firewall configurations to ensure other appropriate inbound and outbound traffic is blocked. * Use up-to-date end-point protection software (e.g., antivirus/antimalware software) on all PC-based assets. * Make sure that software and control system device firmware is patched to current releases. * Periodically change passwords in control system components and infrastructure devices. * Where applicable, set the controller key-switch/mode-switch to RUN mode. For more information on security with Rockwell Automation products, please refer to Rockwell’s Security Advisory Index http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102 .

Exploits
Credits
finder
This vulnerability was discovered by Rockwell Automation engineers as they were investigating other vulnerabilities reported at the Digital Bond S4 2012 Conference.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
N/A
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
Resource: N/A
Hyperlink: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
x_refsource_MISC
x_transferred
Hyperlink: http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:24 Jan, 2013 | 21:55
Updated At:30 Jun, 2025 | 22:15

The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Rockwell Automation, Inc.
rockwellautomation
>>controllogix_controllers>>Versions up to 20(inclusive)
cpe:2.3:a:rockwellautomation:controllogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>guardlogix_controllers>>Versions up to 20(inclusive)
cpe:2.3:a:rockwellautomation:guardlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>micrologix>>Versions up to 1100(inclusive)
cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>micrologix>>Versions up to 1400(inclusive)
cpe:2.3:a:rockwellautomation:micrologix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>softlogix_controllers>>Versions up to 19(inclusive)
cpe:2.3:a:rockwellautomation:softlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1756-enbt>>-
cpe:2.3:h:rockwellautomation:1756-enbt:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1756-eweb>>-
cpe:2.3:h:rockwellautomation:1756-eweb:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1768-enbt>>-
cpe:2.3:h:rockwellautomation:1768-enbt:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1768-eweb>>-
cpe:2.3:h:rockwellautomation:1768-eweb:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>1794-aentr_flex_i\/o_ethernet\/ip_adapter>>-
cpe:2.3:h:rockwellautomation:1794-aentr_flex_i\/o_ethernet\/ip_adapter:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:compactlogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_controllers>>Versions up to 19(inclusive)
cpe:2.3:h:rockwellautomation:compactlogix_controllers:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_l32e_controller>>-
cpe:2.3:h:rockwellautomation:compactlogix_l32e_controller:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>compactlogix_l35e_controller>>-
cpe:2.3:h:rockwellautomation:compactlogix_l35e_controller:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>controllogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:controllogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>flexlogix_1788-enbt_adapter>>-
cpe:2.3:h:rockwellautomation:flexlogix_1788-enbt_adapter:-:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>guardlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:guardlogix:*:*:*:*:*:*:*:*
Rockwell Automation, Inc.
rockwellautomation
>>softlogix>>Versions up to 18(inclusive)
cpe:2.3:h:rockwellautomation:softlogix:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primaryics-cert@hq.dhs.gov
CWE-287Secondarynvd@nist.gov
CWE ID: CWE-287
Type: Primary
Source: ics-cert@hq.dhs.gov
CWE ID: CWE-287
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155ics-cert@hq.dhs.gov
N/A
https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156ics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03ics-cert@hq.dhs.gov
N/A
http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdfaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
Hyperlink: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/54102
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/470154
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470155
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://rockwellautomation.custhelp.com/app/answers/detail/aid/470156
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-03
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

79Records found
CVE-2008-1259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.27% / 50.41%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-p-2602hw-d1an/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-4614
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.3||HIGH
EPSS-0.58% / 67.86%
||
7 Day CHG~0.00%
Published-27 Nov, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-it_operations_intelligencen/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-10784
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.06% / 83.17%
||
7 Day CHG-0.56%
Published-19 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.

Action-Not Available
Vendor-n/aRuby
Product-rubyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-4644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.66% / 90.83%
||
7 Day CHG~0.00%
Published-03 Jan, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.

Action-Not Available
Vendor-n/aSplunk LLC (Cisco Systems, Inc.)
Product-splunkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-4508
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-0.19% / 41.30%
||
7 Day CHG~0.00%
Published-03 Feb, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_hmi_panelswincc_flexible_runtimewincc_flexiblewincc_runtime_advancedwinccn/a
CWE ID-CWE-287
Improper Authentication
CVE-2007-4419
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.08% / 92.31%
||
7 Day CHG~0.00%
Published-18 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.

Action-Not Available
Vendor-olaten/a
Product-olatedownloadn/a
CWE ID-CWE-287
Improper Authentication
CVE-2007-4203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.59% / 68.17%
||
7 Day CHG~0.00%
Published-08 Aug, 2007 | 01:11
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_open_sourcen/a
CWE ID-CWE-287
Improper Authentication
CVE-2019-2018
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 20:01
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-110172241

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-287
Improper Authentication
CVE-2021-36308
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-287
Improper Authentication
CVE-2021-36306
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-1.72% / 81.65%
||
7 Day CHG~0.00%
Published-20 Nov, 2021 | 01:40
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

Action-Not Available
Vendor-Dell Inc.
Product-networking_os10Networking OS
CWE ID-CWE-287
Improper Authentication
CVE-2001-0537
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-93.45% / 99.82%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-iosn/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-0760
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-2.01% / 82.96%
||
7 Day CHG~0.00%
Published-25 Apr, 2014 | 01:00
Updated-02 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-3s-softwaresoftmotion3dfestoFesto
Product-cecx-x-m1_modular_controllercecx-x-c1_modular_master_controllercodesys_runtime_systemsoftmotionCECX-X-M1 Modular Controller with CoDeSys and SoftMotionCECX-X-C1 Modular Master Controller with CoDeSys
CWE ID-CWE-287
Improper Authentication
CVE-2013-6439
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-23 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-subscription_asset_managern/a
CWE ID-CWE-287
Improper Authentication
CVE-2013-4731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.17% / 77.80%
||
7 Day CHG~0.00%
Published-29 Jun, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581.

Action-Not Available
Vendor-choice-wirelessn/a
Product-wixfmr-111n/a
CWE ID-CWE-287
Improper Authentication
CVE-2003-0216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.43% / 61.80%
||
7 Day CHG~0.00%
Published-26 Apr, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catosn/a
CWE ID-CWE-287
Improper Authentication
CVE-2012-5975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-25.75% / 96.04%
||
7 Day CHG~0.00%
Published-04 Dec, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Action-Not Available
Vendor-sshn/aLinux Kernel Organization, Inc
Product-tectia_serverlinux_kerneln/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-5686
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.01% / 86.07%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

Action-Not Available
Vendor-animasn/a
Product-onetouch_pingonetouch_ping_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2016-5086
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-3.01% / 86.09%
||
7 Day CHG~0.00%
Published-05 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.

Action-Not Available
Vendor-animasn/a
Product-onetouch_pingonetouch_ping_firmwaren/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-6549
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-24.52% / 95.91%
||
7 Day CHG~0.00%
Published-09 Mar, 2017 | 09:26
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-rt-ac53_firmwarert-ac53n/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-34746
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.69% / 85.29%
||
7 Day CHG~0.00%
Published-02 Sep, 2021 | 03:05
Updated-07 Nov, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-enterprise_nfv_infrastructure_softwareCisco Enterprise NFV Infrastructure Software
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CWE ID-CWE-287
Improper Authentication
CVE-2010-2620
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-55.67% / 98.00%
||
7 Day CHG~0.00%
Published-02 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

Action-Not Available
Vendor-open-ftpdn/a
Product-open-ftpdn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-7914
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.1||HIGH
EPSS-0.78% / 72.69%
||
7 Day CHG~0.00%
Published-06 Feb, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.

Action-Not Available
Vendor-sautern/a
Product-moduweb_visionn/a
CWE ID-CWE-287
Improper Authentication
CVE-2017-5554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.13% / 83.49%
||
7 Day CHG~0.00%
Published-23 Jan, 2017 | 06:49
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive.

Action-Not Available
Vendor-oneplusn/a
Product-oxygenosoneplus_3oneplus_3tn/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-3232
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.54% / 66.60%
||
7 Day CHG~0.00%
Published-17 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

Action-Not Available
Vendor-n/aCanonical Ltd.
Product-ubuntu_linuxn/a
CWE ID-CWE-287
Improper Authentication
CVE-2015-7361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.74% / 71.90%
||
7 Day CHG~0.00%
Published-15 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiosn/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-9320
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.49% / 92.52%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 18:03
Updated-06 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.

Action-Not Available
Vendor-n/aSAP SE
Product-businessobjects_edgen/a
CWE ID-CWE-287
Improper Authentication
CVE-2014-9952
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.14%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-287
Improper Authentication
CVE-2014-0769
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||HIGH
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-25 Apr, 2014 | 01:00
Updated-02 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Festo CECX-X-(C1/M1) Controller Improper Authentication

The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.

Action-Not Available
Vendor-3s-softwaresoftmotion3dfestoFesto
Product-cecx-x-m1_modular_controllercecx-x-c1_modular_master_controllercodesys_runtime_systemsoftmotionCECX-X-M1 Modular Controller with CoDeSys and SoftMotionCECX-X-C1 Modular Master Controller with CoDeSys
CWE ID-CWE-287
Improper Authentication
CVE-2012-6066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-73.27% / 98.74%
||
7 Day CHG-4.77%
Published-04 Dec, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Action-Not Available
Vendor-freesshdn/a
Product-freesshdn/a
CWE ID-CWE-287
Improper Authentication
  • Previous
  • 1
  • 2
  • Next
Details not found