Total
1493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30317 | 1 Honeywell | 2 Experion Lx, Experion Lx Firmware | 2024-11-21 | 9.1 Critical |
| Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols' functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service. | ||||
| CVE-2022-30313 | 1 Honeywell | 2 Safety Manager, Safety Manager Firmware | 2024-11-21 | 7.5 High |
| Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are characterized as: Honeywell Experion TCP (51000/TCP), Safety Builder (51010/TCP). The potential impact is: Manipulate controller state, Manipulate controller configuration, Manipulate controller logic, Manipulate controller files, Manipulate IO. The Honeywell Experion PKS Distributed Control System (DCS) Safety Manager utilizes several proprietary protocols for a wide variety of functionality, including process data acquisition, controller steering and configuration management. These protocols include: Experion TCP (51000/TCP) and Safety Builder (51010/TCP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocols in question. An attacker capable of invoking the protocols' functionalities could achieve a wide range of adverse impacts, including (but not limited to), the following: for Experion TCP (51000/TCP): Issue IO manipulation commands, Issue file read/write commands; and for Safety Builder (51010/TCP): Issue controller start/stop commands, Issue logic download/upload commands, Issue file read commands, Issue system time change commands. A mitigating factor with regards to some, but not all, of the above functionality is that these require the Safety Manager physical keyswitch to be in the right position. | ||||
| CVE-2022-30276 | 1 Motorola | 4 Ace Ip Gateway \(4600\), Ace Ip Gateway \(4600\) Firmware, Moscad Ip Gateway and 1 more | 2024-11-21 | 7.5 High |
| The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement. They feature IP Gateway modules which allow for interfacing between Motorola Data Link Communication (MDLC) networks (potentially over a variety of serial, RF and/or Ethernet links) and TCP/IP networks. Communication with RTUs behind the gateway is done by means of the proprietary IPGW protocol (5001/TCP). This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. | ||||
| CVE-2022-30230 | 1 Siemens | 1 Sicam Gridedge Essential | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. | ||||
| CVE-2022-30229 | 1 Siemens | 1 Sicam Gridedge Essential | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of an user, such as credentials, in case that user's id is known. | ||||
| CVE-2022-2552 | 1 Snapcreek | 1 Duplicator | 2024-11-21 | 5.3 Medium |
| The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. | ||||
| CVE-2022-2242 | 1 Kuka | 1 Systemsoftware V\/kss | 2024-11-21 | 9.8 Critical |
| The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default). | ||||
| CVE-2022-29957 | 1 Emerson | 1 Deltav Distributed Control System | 2024-11-21 | 7.8 High |
| The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. | ||||
| CVE-2022-29952 | 1 Bakerhughes | 8 Bently Nevada 3701\/40, Bently Nevada 3701\/40 Firmware, Bently Nevada 3701\/44 and 5 more | 2024-11-21 | 9.1 Critical |
| Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It utilizes the TDI command and data protocols (60005/TCP, 60007/TCP) for communications between the monitoring controller and System 1 and/or Bently Nevada Monitor Configuration (BNMC) software. These protocols provide configuration management and historical data related functionality. Neither protocol has any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. | ||||
| CVE-2022-29951 | 1 Jtekt | 34 Nano 10gx Tuc-1157, Nano 10gx Tuc-1157 Firmware, Nano Cpu Tuc-6941 and 31 more | 2024-11-21 | 9.1 Critical |
| JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP protocol (configurable on ports 1024-65534 on either TCP or UDP) for a wide variety of engineering purposes such as starting and stopping the PLC, downloading and uploading projects, and changing configuration settings. This protocol does not have any authentication features, allowing any attacker capable of communicating with the port in question to invoke (a subset of) desired functionality. | ||||
| CVE-2022-29934 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 7.8 High |
| USU Oracle Optimization before 5.17.5 lacks Polkit authentication, which allows smartcollector users to achieve root access via pkexec. NOTE: this is not an Oracle Corporation product. | ||||
| CVE-2022-29883 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication. | ||||
| CVE-2022-29881 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details. | ||||
| CVE-2022-29879 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information. | ||||
| CVE-2022-29877 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings. However, the reconfigured settings cannot be activated unless the role of an authenticated administrator user. | ||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.8 Medium |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | ||||
| CVE-2022-29270 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.3 Medium |
| In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. | ||||
| CVE-2022-28809 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2022-28771 | 1 Sap | 1 Business One License Service Api | 2024-11-21 | 7.5 High |
| Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible. | ||||
| CVE-2022-28719 | 1 Hammock | 1 Assetview | 2024-11-21 | 9.8 Critical |
| Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege. | ||||