Vulnerabilities > Missing Authentication for Critical Function

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-01	CVE-2022-42970	Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. network low complexity schneider-electric CWE-306 critical	9.8
2023-01-30	CVE-2022-32528	Missing Authentication for Critical Function vulnerability in Schneider-Electric Interactive Graphical Scada System A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to a denial-of-service condition when an attacker sends specific messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) network low complexity schneider-electric CWE-306 critical	9.1
2023-01-23	CVE-2021-43447	Missing Authentication for Critical Function vulnerability in Onlyoffice Server 7.0.0.49 ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. network low complexity onlyoffice CWE-306	7.5
2023-01-20	CVE-2023-0052	Missing Authentication for Critical Function vulnerability in Sauter-Controls products SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. network low complexity sauter-controls CWE-306	8.8
2023-01-19	CVE-2022-3738	Missing Authentication for Critical Function vulnerability in Wago products The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. network high complexity wago CWE-306	5.9
2023-01-13	CVE-2022-42276	Missing Authentication for Critical Function vulnerability in Nvidia DGX A100 Firmware 1.8 NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. local low complexity nvidia CWE-306	8.2
2023-01-13	CVE-2022-42277	Missing Authentication for Critical Function vulnerability in Nvidia DGX Station A100 Firmware NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. local low complexity nvidia CWE-306	8.2
2023-01-13	CVE-2022-42275	Missing Authentication for Critical Function vulnerability in Nvidia BMC NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. local low complexity nvidia CWE-306	7.1
2023-01-13	CVE-2022-46463	Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. network low complexity linuxfoundation CWE-306	7.5
2022-12-27	CVE-2022-45423	Missing Authentication for Critical Function vulnerability in Dahuasecurity products Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. network low complexity dahuasecurity CWE-306	7.5