Vulnerabilities > Haascnc > Haas Controller Firmware > 100.20.000.1110
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-28 | CVE-2022-2474 | Missing Authentication for Critical Function vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110 Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device. | 8.0 |
| 2022-10-28 | CVE-2022-2475 | Unspecified vulnerability in Haascnc Haas Controller Firmware 100.20.000.1110 Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. | 8.8 |