Vulnerabilities > Missing Authentication for Critical Function

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-10265 Missing Authentication for Critical Function vulnerability in Universal-Robots UR Software
Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more.
network
low complexity
universal-robots CWE-306
critical
 9.4
9.4
2020-04-06 CVE-2020-10264 Missing Authentication for Critical Function vulnerability in Universal-Robots UR Software
CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs.
low complexity
universal-robots CWE-306
8.8
8.8
2020-04-05 CVE-2020-11547 Missing Authentication for Critical Function vulnerability in Paessler Prtg Network Monitor
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
network
low complexity
paessler CWE-306
5.3
5.3
2020-04-02 CVE-2019-19092 Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC).
network
low complexity
hitachienergy CWE-306
3.5
3.5
2020-04-02 CVE-2020-9349 Missing Authentication for Critical Function vulnerability in Cacagoo Tv-288Zd-2Mp Firmware 3.4.2.0919
The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.
network
low complexity
cacagoo CWE-306
7.5
7.5
2020-03-30 CVE-2020-8509 Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Desktop Central
Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.
network
low complexity
zohocorp CWE-306
7.5
7.5
2020-03-27 CVE-2020-3920 Missing Authentication for Critical Function vulnerability in Unisoon Ultralog Express Firmware 1.4.0
UltraLog Express device management interface does not properly perform access authentication in some specific pages/functions.
network
low complexity
unisoon CWE-306
8.1
8.1
2020-03-25 CVE-2020-10965 Missing Authentication for Critical Function vulnerability in Teradici Pcoip Management Console 19.11.1/20.01.0
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account.
network
high complexity
teradici CWE-306
8.1
8.1
2020-03-24 CVE-2019-20624 Missing Authentication for Critical Function vulnerability in Google Android
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.
network
low complexity
google CWE-306
5.3
5.3
2020-03-24 CVE-2019-20598 Missing Authentication for Critical Function vulnerability in Google Android 8.0/8.1
An issue was discovered on Samsung mobile devices with O(8.x) software.
low complexity
google CWE-306
2.4
2.4