CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-2475

Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.6%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-01
https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-01

Products affected by CVE-2022-2475

Haascnc » Haas Controller » Version: N/A

cpe:2.3:h:haascnc:haas_controller:-
Haascnc » Haas Controller Firmware » Version: 100.20.000.1110

cpe:2.3:o:haascnc:haas_controller_firmware:100.20.000.1110

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2475

Products

Pricing

Contact Us