Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-4838 Missing Authentication for Critical Function vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22).
network
low complexity
siemens CWE-306
7.5
2018-03-01 CVE-2018-2368 Missing Authentication for Critical Function vulnerability in SAP Netweaver System Landscape Directory
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
network
low complexity
sap CWE-306
critical
9.8
2018-02-22 CVE-2018-7301 Missing Authentication for Critical Function vulnerability in Eq-3 Homematic Central Control Unit Ccu2 Firmware 2.29.22
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication.
network
low complexity
eq-3 CWE-306
critical
9.8
2018-02-15 CVE-2017-12720 Missing Authentication for Critical Function vulnerability in Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1/1.5/1.6
An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6.
network
high complexity
smiths-medical CWE-306
8.1
2018-02-08 CVE-2018-0127 Missing Authentication for Critical Function vulnerability in Cisco Rv132W Firmware and Rv134W Firmware
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information.
network
low complexity
cisco CWE-306
critical
9.8
2018-01-09 CVE-2018-2360 Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
network
low complexity
sap CWE-306
7.5
2017-12-31 CVE-2017-18001 Missing Authentication for Critical Function vulnerability in Trustwave Secure web Gateway 11.8.0.27
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
network
low complexity
trustwave CWE-306
critical
9.8
2017-12-20 CVE-2017-17747 Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.
low complexity
tp-link CWE-306
6.5
2017-12-20 CVE-2017-17746 Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials.
low complexity
tp-link CWE-306
6.8
2017-12-12 CVE-2017-12155 Missing Authentication for Critical Function vulnerability in Ceph
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable.
local
high complexity
ceph CWE-306
6.3