CRITICAL🇬🇧 English

CVE-2022-2474

CVSS 9.8v3.1pub. 2022-10-28upd. 2024-11-21

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Haascnc Haas Controller

    HW
    Haascnc
    wszystkie wersje
  • Haascnc Haas Controller Firmware

    OS
    Haascnc
    100.20.000.1110
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-2475CRITICAL9.8ten sam produkt

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Etherne...

CVE-2022-41636CRITICAL9.1ten sam produkt

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is tr...