Vulnerabilities > Haascnc

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2022-2474 Missing Authentication for Critical Function vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
low complexity
haascnc CWE-306
8.0
2022-10-28 CVE-2022-2475 Unspecified vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service.
network
low complexity
haascnc
8.8
2022-10-28 CVE-2022-41636 Cleartext Transmission of Sensitive Information vulnerability in Haascnc Haas Controller 100.20.000.1110
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext.
network
low complexity
haascnc CWE-319
7.5