Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-22809

Summary
Assigner-schneider
Assigner Org ID-076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At-09 Feb, 2022 | 00:00
Updated At-03 Aug, 2024 | 03:21
Rejected At-
Credits

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:schneider
Assigner Org ID:076d1eb6-cfab-4401-b34d-6dfc2a413bdb
Published At:09 Feb, 2022 | 00:00
Updated At:03 Aug, 2024 | 03:21
Rejected At:
▼CVE Numbering Authority (CNA)

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

Affected Products
Vendor
n/a
Product
spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
Versions
Affected
  • spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
N/A
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
x_transferred
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cybersecurity@se.com
Published At:09 Feb, 2022 | 23:15
Updated At:22 Feb, 2023 | 17:54

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior)

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Schneider Electric SE
schneider-electric
>>spacelynk_firmware>>Versions up to 2.6.2(inclusive)
cpe:2.3:o:schneider-electric:spacelynk_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>spacelynk>>-
cpe:2.3:h:schneider-electric:spacelynk:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>wiser_for_knx_firmware>>Versions up to 2.6.2(inclusive)
cpe:2.3:o:schneider-electric:wiser_for_knx_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>wiser_for_knx>>-
cpe:2.3:h:schneider-electric:wiser_for_knx:-:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>fellerlynk_firmware>>Versions up to 2.6.2(inclusive)
cpe:2.3:o:schneider-electric:fellerlynk_firmware:*:*:*:*:*:*:*:*
Schneider Electric SE
schneider-electric
>>fellerlynk>>-
cpe:2.3:h:schneider-electric:fellerlynk:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarycybersecurity@se.com
CWE-306Secondarynvd@nist.gov
CWE ID: CWE-306
Type: Primary
Source: cybersecurity@se.com
CWE ID: CWE-306
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04cybersecurity@se.com
Patch
Vendor Advisory
Hyperlink: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04
Source: cybersecurity@se.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2023-21743
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.23% / 83.84%
||
7 Day CHG-0.40%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Security Feature Bypass Vulnerability

Microsoft SharePoint Server Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-0188
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.43%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 09:20
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

Action-Not Available
Vendor-niteothemesUnknown
Product-cmpCMP
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8320
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-5.3||MEDIUM
EPSS-0.85% / 73.91%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 20:52
Updated-12 Sep, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_managerEndpoint Managerautomation
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-7390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-1.02% / 76.34%
||
7 Day CHG~0.00%
Published-05 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-6451
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.37%
||
7 Day CHG~0.00%
Published-06 Jun, 2019 | 18:08
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.

Action-Not Available
Vendor-soyaln/a
Product-ar-727har-829ev5ar-829ev5_firmwarear-727h_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-16241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-10 Dec, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

Action-Not Available
Vendor-amagn/a
Product-en-1dbcstd_firmwareen-2dbc_firmwareen-2dbcstden-1dbc_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-36846
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-94.28% / 99.93%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 19:18
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-11-17||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain  part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx110srx300srx100srx550_hmsrx3600srx240h2srx550msrx240srx1400srx4200srx5800srx380srx5400srx210srx340srx5000srx240msrx5600srx220srx3400junossrx4000srx4100srx320srx650srx4600srx1500srx550Junos OSJunos OS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-36847
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-94.28% / 99.93%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 19:16
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-11-17||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-ex4300-48p-sex4400ex4300mex4200ex3400ex8200-vcex4650ex4300-32f-sex4550ex2200-vcex2300-24mpex9253ex4300-48tdc-afiex2300-24tex3200ex9214ex4300-48t-dc-afiex4300-48tex4300ex4300-48mpex2200-cex2200ex4300-48tafiex4300-24pex4300-48t-sjunosex4300-32f-dcex6200ex2300-48pex2300-cex9200ex9208ex2300ex4550\/vcex4600ex8208ex4300-48tdcex3300ex4200-vcex4500-vcex4300-24tex2300mex9204ex6210ex2300-48tex8216ex4300-48t-afiex4300-48pex4300-48t-dcex2300-48mpex4300-32fex3300-vcex4550-vcex4300-mpex9250ex4600-vcex4300-24t-sex9251ex2300-24pex8200ex4300-24p-sex4300-vcex4500ex4300-48mp-sJunos OSJunos OS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-43974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 19:21
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.

Action-Not Available
Vendor-n/aSysAid Technologies Ltd.
Product-itiln/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-47865
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.27%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 07:30
Updated-20 Nov, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device.

Action-Not Available
Vendor-Rakuten Mobile, Inc.rakuten
Product-Rakuten Turbo 5Gturbo_5g_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-23194
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.80%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:32
Updated-11 Mar, 2025 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Enterprise Portal (OBN component)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-27569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 20.18%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 16:31
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic.

Action-Not Available
Vendor-remotemousen/a
Product-emote_remote_mousen/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-22995
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-31 Mar, 2021 | 16:45
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-iq_centralized_managementBIG-IQ
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-20474
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.62%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 16:30
Updated-17 Sep, 2024 | 02:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Action-Not Available
Vendor-IBM Corporation
Product-guardium_data_encryptionGuardium Data Encryption
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-5780
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.16%
||
7 Day CHG~0.00%
Published-10 Sep, 2020 | 14:10
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing.

Action-Not Available
Vendor-icegramn/a
Product-email_subscribers_\&_newslettersIcegram Email Subscribers & Newsletters Plugin for WordPress
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found