Francesco Sortino

**Name of the Vulnerable Software and Affected Versions** Haas Controller version 100.20.000.1110 **Description** The issue concerns the "Ethernet Q Commands" service in the Haas Controller, where authentication is currently unsupported. This allows any user on the same network segment as the controller, including those connected remotely, to access the service and write unauthorized macros to the device. **Recommendations** For Haas Controller version 100.20.000.1110, consider disabling the "Ethernet Q Commands" service until a patch is available to prevent unauthorized access and macro writing. Restrict access to the network segment where the controller is located to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Haas Controller version 100.20.000.1110 **Description** The issue is related to insufficient granularity of access control when using the "Ethernet Q Commands" service. This allows any user to write macros into registers outside of the authorized accessible range, potentially enabling access to privileged resources or resources out of context. **Recommendations** For Haas Controller version 100.20.000.1110, consider restricting access to the "Ethernet Q Commands" service to minimize the risk of exploitation. As a temporary workaround, limit the ability of users to write macros into registers outside of their authorized accessible range until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Haas Controller version 100.20.000.1110 **Description** The issue concerns the transmission of communication traffic involving the "Ethernet Q Commands" service in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller. **Recommendations** For Haas Controller version 100.20.000.1110, consider implementing encryption for the "Ethernet Q Commands" service to protect sensitive information. As a temporary workaround, restrict access to the "Ethernet Q Commands" service to minimize the risk of exploitation.