Vulnerability Details CVE-2022-2474
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-2474
-
cpe:2.3:h:haascnc:haas_controller:-
-
cpe:2.3:o:haascnc:haas_controller_firmware:100.20.000.1110