CVE-2022-2475 - Unspecified vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110

047910
CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.

Vulnerable Configurations

Part        Description    Count
OS          Haascnc        1
Hardware    Haascnc        1