Vulnerabilities > Missing Authentication for Critical Function
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-26 | CVE-2022-30276 | Missing Authentication for Critical Function vulnerability in Motorola products The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. | 7.5 |
| 2022-07-26 | CVE-2022-36129 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. | 9.1 |
| 2022-07-26 | CVE-2022-29951 | Missing Authentication for Critical Function vulnerability in Jtekt products JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. | 9.1 |
| 2022-07-26 | CVE-2022-29952 | Missing Authentication for Critical Function vulnerability in Bakerhughes products Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. | 9.1 |
| 2022-07-26 | CVE-2022-29957 | Missing Authentication for Critical Function vulnerability in Emerson Deltav Distributed Control System The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. | 7.8 |
| 2022-07-22 | CVE-2021-36200 | Missing Authentication for Critical Function vulnerability in Johnsoncontrols products Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users. | 5.3 |
| 2022-07-21 | CVE-2022-34767 | Missing Authentication for Critical Function vulnerability in Allnet All-Wr0500Ac Firmware Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone to Authorization bypass vulnerability – the password, located at "admin" allows changing the http[s]://wizardpwd.asp/cgi-bin. | 9.8 |
| 2022-07-21 | CVE-2022-20857 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-07-21 | CVE-2022-20858 | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
| 2022-07-20 | CVE-2022-2141 | Missing Authentication for Critical Function vulnerability in Micodus Mv720 Firmware SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | 9.8 |