Описание
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:haascnc:haas_controller_firmware:100.20.000.1110:*:*:*:*:*:*:*
cpe:2.3:h:haascnc:haas_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
9.8 Critical
CVSS3
8 High
CVSS3
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 8
github
больше 2 лет назад
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
EPSS
Процентиль: 38%
0.00165
Низкий
9.8 Critical
CVSS3
8 High
CVSS3
Дефекты
CWE-306
CWE-306