A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.

An exploitable denial-of-service vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion.

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL.

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).