Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-54848

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-01 Dec, 2025 | 15:25
Updated At-01 Dec, 2025 | 20:15
Rejected At-
Credits

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:01 Dec, 2025 | 15:25
Updated At:01 Dec, 2025 | 20:15
Rejected At:
â–¼CVE Numbering Authority (CNA)

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

Affected Products
Vendor
Socomec
Product
DIRIS Digiware M-70
Versions
Affected
  • 1.6.9
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Discovered by Kelly Patterson of Cisco Talos.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2248
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2248
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:01 Dec, 2025 | 16:15
Updated At:08 Dec, 2025 | 19:29

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

socomec
socomec
>>diris_digiware_m-70_firmware>>1.6.9
cpe:2.3:o:socomec:diris_digiware_m-70_firmware:1.6.9:*:*:*:*:*:*:*
socomec
socomec
>>diris_digiware_m-70>>-
cpe:2.3:h:socomec:diris_digiware_m-70:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarytalos-cna@cisco.com
CWE ID: CWE-306
Type: Primary
Source: talos-cna@cisco.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2248talos-cna@cisco.com
Vendor Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2248
Source: talos-cna@cisco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

79Records found

CVE-2025-54849
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-08 Dec, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 502 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.

Action-Not Available
Vendor-socomecSocomec
Product-diris_digiware_m-70diris_digiware_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-55221
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.36% / 28.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus TCP over port 502.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-54850
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.86%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a sequence of Modbus RTU over TCP messages to port 503 using the Write Single Register function code (6). The attack sequence begins with a message to register 58112 with a value of 1000, indicating that a configuration change will follow. Next, a message is sent to register 29440 with a value corresponding to the new Modbus address to be configured. Finally, a message to register 57856 with a value of 161 commits the configuration change. After this configuration change, the device will be in a denial-of-service state.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-23417
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.38% / 29.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-48882
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.38% / 29.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-54851
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.37% / 29.30%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.An attacker can trigger this denial-of-service condition by sending a single Modbus TCP message to port 503 using the Write Single Register function code (6) to write the value 1 to register 4352. This action changes the Modbus address to 15. After this message is sent, the device will be in a denial-of-service state.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-55222
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.36% / 28.61%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated packet to trigger this vulnerability.This vulnerability is specific to the malicious message sent via Modbus RTU over TCP on port 503.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-26858
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.6||HIGH
EPSS-0.45% / 36.19%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20085
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.24% / 14.78%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-49572
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.24% / 14.78%
||
7 Day CHG~0.00%
Published-01 Dec, 2025 | 15:25
Updated-05 Dec, 2025 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to denial of service and weaken credentials resulting in default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-socomecSocomec
Product-diris_m-70diris_m-70_firmwareDIRIS Digiware M-70
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-2491
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.39% / 31.11%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:43
Updated-16 Mar, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability

Socomec DIRIS A-40 HTTP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Socomec DIRIS A-40 power monitoring devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web API implementation, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23993.

Action-Not Available
Vendor-Socomec
Product-DIRIS A-40
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-56562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 22.59%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 00:00
Updated-05 Jul, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.

Action-Not Available
Vendor-signifyn/a
Product-wiz_connectedn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-15127
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.38% / 68.95%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 20:15
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service in Contour

In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flipping the readiness endpoint to false, which removes Envoy from the routing pool. When running Envoy (For example on the host network, pod spec hostNetwork=true), the shutdown manager's endpoint is accessible to anyone on the network that can reach the Kubernetes node that's running Envoy. There is no authentication in place that prevents a rogue actor on the network from shutting down Envoy via the shutdown manager endpoint. Successful exploitation of this issue will lead to bad actors shutting down all instances of Envoy, essentially killing the entire ingress data plane. This is fixed in version 1.7.0.

Action-Not Available
Vendor-projectcontourprojectcontour
Product-contourcontour
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-2138
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.2||HIGH
EPSS-10.92% / 95.38%
||
7 Day CHG~0.00%
Published-22 Jul, 2022 | 14:58
Updated-16 Apr, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advantech iView

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-iviewiView
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10641
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.28% / 66.75%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 18:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.

Action-Not Available
Vendor-inductiveautomationn/a
Product-ignition_gatewayIgnition 8 Gateway
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-6542
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-1.52% / 71.69%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 13:50
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.

Action-Not Available
Vendor-enttecENTTEC
Product-storm_24datagate_mk2_firmwaredatagate_mk2storm_24_firmwarepixelator_firmwarepixelatorPixelatorDatagate MK2Storm 24
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-5163
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-2.29% / 81.28%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 21:55
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.

Action-Not Available
Vendor-shadowsocksn/aopenSUSE
Product-shadowsocks-libevbackportsleapShadowsocks
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-29413
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.71% / 49.48%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:50
Updated-05 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

Action-Not Available
Vendor-Microsoft CorporationSchneider Electric SE
Product-windows_server_2016apc_easy_ups_online_monitoring_softwareeasy_ups_online_monitoring_softwarewindows_11windows_10windows_server_2022windows_server_2019Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-25686
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.47% / 37.44%
||
7 Day CHG~0.00%
Published-05 Apr, 2026 | 20:45
Updated-09 Apr, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.

Action-Not Available
Vendor-coreftpCoreftp
Product-core_ftpCore FTP
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-41975
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.30% / 67.19%
||
7 Day CHG~0.00%
Published-08 Oct, 2021 | 15:15
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tad TadTools - Improper Authorization

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.

Action-Not Available
Vendor-tadtools_projectTad
Product-tadtoolsTadTools
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-23906
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.30% / 67.27%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 00:00
Updated-28 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product.

Action-Not Available
Vendor-seiko-solSeiko Solutions Inc.
Product-skybridge_mb-a110skybridge_mb-a100skybridge_mb-a110_firmwareskybridge_mb-a100_firmwareSkyBridge MB-A100/110
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-22803
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 17:23
Updated-16 Jan, 2025 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-22803

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

Action-Not Available
Vendor-LS ELECTRIC Co. Ltd.
Product-xbc-dn32uxbc-dn32u_firmwareXBC-DN32U
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-18311
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.41%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 7061/tcp. This vulnerability is independent from CVE-2019-18310. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-952
Not Available
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-50977
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.44% / 35.76%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 14:08
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via HTTP

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.

Action-Not Available
Vendor-Innomicavibia
Product-VibroLine VLE4 HD 5.0VibroLine VLX6 HD 5.0AvibiaLine AVLE1 HD 5.0VibroLine VLX2 HD 4.0VibroLine VLE6 HD 4.0AvibiaLine AVLX8 HD 5.0VibroLine VLX6 HD 4.0VibroLine VLX1 HD 4.0VibroLine VLX4 HD 5.0VibroLine VLE6 HD 5.0AvibiaLine AVLE6 HD 5.0AvibiaLine AVLE4 HD 5.0VibroLine VLE2 HD 5.0AvibiaLine AVLE2 HD 5.0AvibiaLine AVLX4 HD 5.0AvibiaLine AVLX1 HD 5.0AvibiaLine AVLE8 HD 5.0VibroLine VLX2 HD 5.0AvibiaLine AVLX2 HD 5.0VibroLine VLE1 HD 4.0VibroLine VLX8 HD 4.0VibroLine VLE8 HD 4.0VibroLine VLE8 HD 5.0VibroLine VLE4 HD 4.0VibroLine VLE1 HD 5.0VibroLine VLX8 HD 5.0AvibiaLine AVLX6 HD 5.0VibroLine VLX1 HD 5.0VibroLine VLE2 HD 4.0VibroLine VLX4 HD 4.0
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-32978
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.91% / 55.85%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2019-12634
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-2.05% / 79.05%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 18:05
Updated-19 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Integrated Management Controller Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-integrated_management_controller_supervisorucs_directorucs_director_express_for_big_dataCisco Unified Computing System Director
CWE ID-CWE-264
Not Available
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-45498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 53.57%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w6-sw6-s_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-26468
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.34% / 26.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 22:07
Updated-20 Jun, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function

CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.

Action-Not Available
Vendor-cyberdataCyberData
Product-011209_sip_emergency_intercom011209 SIP Emergency Intercom
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-42982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.53%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.

Action-Not Available
Vendor-bundn/a
Product-bkg_professional_ntripcastern/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-53869
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.60% / 44.76%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 17:57
Updated-18 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hermes Agent < 0.16.0 - DNS Rebinding Bypass via WebSocket Endpoints

Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation. FastAPI HTTP middleware does not execute for WebSocket upgrade requests on /api/pty, /api/ws, /api/pub, and /api/events endpoints, enabling attackers to exploit DNS rebinding and inject malicious commands or read terminal output.

Action-Not Available
Vendor-NousResearch
Product-hermes-agent
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-53868
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 21:57
Updated-14 Jul, 2026 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo < 12.128.2 - Denial of Service via Unverified Email Account Registration and Deletion

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 30 days by exploiting unverified email ownership in account lifecycle operations.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25246
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.01%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 19:59
Updated-16 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wikipedia 12.0 Denial of Service via Search

Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of repeated characters into the search bar to trigger an application crash.

Action-Not Available
Vendor-Wikipedia
Product-Wikipedia
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-25241
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 13:51
Updated-16 Apr, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VPN Browser+ 1.1.0.0 Denial of Service

VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that terminates the application.

Action-Not Available
Vendor-VPNBrowser
Product-VPN Browser+
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-44321
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.71%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 15:47
Updated-28 May, 2026 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration(), which calls logger.InitLog.Fatalf(...) on several validation failures. One confirmed path is the UE-IP-pool overlap check: a single unauthenticated POST that adds a new UPF whose pool overlaps an existing UPF terminates the entire SMF process (docker ps shows Exited (1)), not just the goroutine. This vulnerability is fixed in 4.2.2.

Action-Not Available
Vendor-free5gcfree5gc
Product-free5gcfree5gc
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-862
Missing Authorization
CVE-2025-21623
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 62.28%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 15:43
Updated-05 Sep, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ClipBucket V5 Unauthenticated Template Directory Update to Denial-of-Service

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.

Action-Not Available
Vendor-oxygenzMacWarrior
Product-clipbucketclipbucket-v5
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-17924
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-4.30% / 90.05%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 14:00
Updated-03 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller in the system is set to Hard RUN mode. When the affected device accepts this new IP configuration, a loss of communication occurs between the device and the rest of the system as the system traffic is still attempting to communicate with the device via the overwritten IP address.

Action-Not Available
Vendor-n/aRockwell Automation, Inc.
Product-1756-eweb_series_a1756-en2f_series_c1756-en3tr_series_b1756-en2f_series_a1756-en2t_series_d_firmware1756-enbt_firmware1756-enbt1756-en2tr_series_b1756-en2t_series_a1756-eweb_series_b1756-en2t_series_b1756-en3tr_series_b_firmware1756-en2t_series_c_firmwaremicrologix_1400_firmware1756-eweb_series_b_firmware1756-en2tr_series_c1756-en3tr_series_a_firmware1756-en2tr_series_a1756-eweb_series_a_firmware1756-en2t_series_cmicrologix_14001756-en2t_series_b_firmware1756-en2tr_series_a_firmware1756-en3tr_series_a1756-en2f_series_b_firmware1756-en2tr_series_b_firmware1756-en2f_series_c_firmware1756-en2t_series_a_firmware1756-en2f_series_b1756-en2tr_series_c_firmware1756-en2t_series_d1756-en2f_series_a_firmwareRockwell Automation
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-10271
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-99.99% / 99.99%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-21 Apr, 2026 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-08-10||Apply updates per vendor instructions.

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic ServerWebLogic Server
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-23444
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-1.17% / 63.88%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 12:39
Updated-01 Jun, 2026 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets.

Action-Not Available
Vendor-SICK AG
Product-ue410-en1fx0-gent00010_firmwareue410-en3fx0-gent00000_firmwareue410-en3_firmwarefx0-gpnt00010_firmwarefx0-gent00010fx0-gpnt00030fx0-gmod00000_firmwarefx0-gent00030ue410-en4_firmwarefx0-gent00030_firmwarefx0-gpnt00010ue410-en1_firmwarefx0-gmod00000fx0-gpnt00000_firmwarefx0-gmod00010ue410-en4fx0-gmod00010_firmwarefx0-gent00000fx0-gpnt00000fx0-gpnt00030_firmwareFX0-GPNT00030 FLEXISOFT PNET GATEW.V2FX0-GENT00030 FLEXISOFT EIP GATEW.V2 FirmwareUE410-EN1 FLEXI ETHERNET GATEW.FX0-GMOD00010 FLEXISOFT MOD GW (C)FX0-GETC00000 FLEXISOFT ETC GWFX3-GEPR00000 FLEXISOFT EFI-PRO GW FirmwareFX0-GENT00000 FLEXISOFT EIP GATEW. FirmwareFX0-GPNT00030 FLEXISOFT PNET GATEW.V2 FirmwareFX0-GENT00000 FLEXISOFT EIP GATEW.FX3-GEPR00000 FLEXISOFT EFI-PRO GWUE410-EN1 FLEXI ETHERNET GATEW. FirmwareFX3-GEPR00010 FLEXISOFT EFI-PRO GW FirmwareFX0-GETC00010 FLEXISOFT ETC GW (C) FirmwareFX0-GENT00010 FLEXISOFT EIP GW (C) FirmwareFX0-GPNT00010 FLEXISOFT PNET GW (C)FX0-GETC00040 FLEXISOFT ETC GWUE410-EN4 FLEXI ETHERNET GATEW. FirmwareFX0-GENT00030 FLEXISOFT EIP GATEW.V2FX0-GPNT00010 FLEXISOFT PNET GW (C) FirmwareUE410-EN3 FLEXI ETHERNET GATEW.FX0-GETC00010 FLEXISOFT ETC GW (C)FX0-GPNT00000 FLEXISOFT PNET GATEW.FX0-GPNT00000 FLEXISOFT PNET GATEW. FirmwareFX0-GETC00040 FLEXISOFT ETC GW FirmwareFX0-GENT00010 FLEXISOFT EIP GW (C)FX0-GMOD00000 FLEXISOFT MOD GATEW. FirmwareFX0-GMOD00000 FLEXISOFT MOD GATEW.FX0-GMOD00010 FLEXISOFT MOD GW (C) FirmwareUE410-EN3 FLEXI ETHERNET GATEW. FirmwareFX3-GEPR00010 FLEXISOFT EFI-PRO GWUE410-EN4 FLEXI ETHERNET GATEW.FX0-GETC00000 FLEXISOFT ETC GW Firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8751
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.48%
||
7 Day CHG+0.25%
Published-12 Sep, 2024 | 21:38
Updated-16 Jul, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2024-8751

A vulnerability allows a remote unauthenticated attacker to modify the prod uct’s IP address over the Sopas ET interface. This can lead to a Denial of Service attack.

Action-Not Available
Vendor-Endress+HauserSICK AG
Product-MERCEM300ZMARSIC280GMS800 FIDORMCU ETH-Service and Modbus-TCP ModuleSIPROCESSMARSIC300MSC800MCS300PGM32VICOTEC320MCS200HWGMS800MARSIC200MCS100FTFLPSMES1B B&B ConverterSAM800msc800_firmware
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-37680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.77% / 51.58%
||
7 Day CHG~0.00%
Published-29 Aug, 2022 | 13:46
Updated-13 Feb, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Action-Not Available
Vendor-n/aHitachi, Ltd.
Product-hc-ip9100hd_firmwarehc-ip9100hdn/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-36619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.62%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 22:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_firmwaredir-816n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-8419
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.77%
||
7 Day CHG-0.00%
Published-30 Jun, 2025 | 09:39
Updated-16 Feb, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control vulnerability in AC4xxS devices

The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.

Action-Not Available
Vendor-ifm electronic GmbH
Product-ifm Smart PLC AC422sifm Smart PLC AC402sifm Smart PLC AC424sifm Smart PLC AC434sifm Smart PLC AC432s
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-28771
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.94% / 57.05%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:26
Updated-25 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.

Action-Not Available
Vendor-SAP SE
Product-business_one_license_service_apiSAP Business One License service API
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-26026
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-1.14% / 63.03%
||
7 Day CHG~0.00%
Published-25 May, 2022 | 20:15
Updated-15 Apr, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.

Action-Not Available
Vendor-openautomationsoftwareOpen Automation Software
Product-oas_platformOAS Platform
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-25508
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.02% / 59.50%
||
7 Day CHG~0.00%
Published-10 Mar, 2022 | 23:35
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.

Action-Not Available
Vendor-freetakserver-ui_projectn/a
Product-freetakserver-uin/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2023-0116
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.51%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-15 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiEMUIHarmonyOS
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-50978
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.45% / 36.38%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 14:09
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (TCP)

An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).

Action-Not Available
Vendor-Innomicavibia
Product-VibroLine VLE4 HD 5.0VibroLine VLX6 HD 5.0AvibiaLine AVLE1 HD 5.0VibroLine VLX2 HD 4.0VibroLine VLE6 HD 4.0AvibiaLine AVLX8 HD 5.0VibroLine VLX6 HD 4.0VibroLine VLX1 HD 4.0VibroLine VLX4 HD 5.0VibroLine VLE6 HD 5.0AvibiaLine AVLE6 HD 5.0AvibiaLine AVLE4 HD 5.0VibroLine VLE2 HD 5.0AvibiaLine AVLE2 HD 5.0AvibiaLine AVLX4 HD 5.0AvibiaLine AVLX1 HD 5.0AvibiaLine AVLE8 HD 5.0VibroLine VLX2 HD 5.0AvibiaLine AVLX2 HD 5.0VibroLine VLE1 HD 4.0VibroLine VLX8 HD 4.0VibroLine VLE8 HD 4.0VibroLine VLE8 HD 5.0VibroLine VLE4 HD 4.0VibroLine VLE1 HD 5.0VibroLine VLX8 HD 5.0AvibiaLine AVLX6 HD 5.0VibroLine VLX1 HD 5.0VibroLine VLE2 HD 4.0VibroLine VLX4 HD 4.0
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-45049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.62% / 45.67%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 20:33
Updated-28 Aug, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nix Hydra Missing authentication when triggering evaluations

Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the availability of systems. The problem can be fixed by applying https://github.com/NixOS/hydra/commit/f73043378907c2c7e44f633ad764c8bdd1c947d5 to any Hydra package. Users are advised to upgrade. Users unable to upgrade should deny the `/api/push` route in a reverse proxy. This also breaks the "Evaluate jobset" button in the frontend.

Action-Not Available
Vendor-NixOSnixos
Product-hydrahydra
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2017-20222
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.71% / 49.25%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 01:28
Updated-14 Apr, 2026 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot

Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.

Action-Not Available
Vendor-telesquareTelesquare
Product-sdt-cs3b1sdt-cs3b1_firmwareSDT-CS3B1
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-45504
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.27% / 96.90%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w6-sw6-s_firmwaren/a
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • Next
Details not found