Lucene search

[email protected]CVE-2022-2475

HistoryOct 28, 2022 - 6:15 p.m.

CVE-2022-2475

2022-10-2818:15:11

CWE-1220

[email protected]

web.nvd.nist.gov

cve-2022-2475

haas controller

access control

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.

Affected configurations

NVD

Node

haascnchaas_controller_firmwareMatch100.20.000.1110

AND

haascnchaas_controllerMatch-

CPENameOperatorVersion
haascnc:haas_controller_firmwarehaascnc haas controller firmwareeq100.20.000.1110

CPE	Name	Operator	Version
haascnc:haas_controller_firmware	haascnc haas controller firmware	eq	100.20.000.1110

CNA Affected

[
  {
    "vendor": "Haas",
    "product": "Haas CNC Controller",
    "versions": [
      {
        "version": "Version 100.20.000.1110",
        "status": "affected"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-298-01

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVE-2022-2475

prion1 nvd1 cvelist1 ics1