Haascnc: Security Vulnerabilities
Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.
CVSS Score
9.1
EPSS Score
0.0
Published
2022-10-28
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-28
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-10-28