PT-2022-16853 · Haas · Haas Controller

Francesco Sortino

Published 2022-10-28 · Updated 2022-11-02

CVE-2022-2475

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Haas Controller version 100.20.000.1110

Description: The issue is related to insufficient granularity of access control when using the "Ethernet Q Commands" service. This allows any user to write macros into registers outside of the authorized accessible range, potentially enabling access to privileged resources or resources out of context.

Recommendations: For Haas Controller version 100.20.000.1110, consider restricting access to the "Ethernet Q Commands" service to minimize the risk of exploitation. As a temporary workaround, limit the ability of users to write macros into registers outside of their authorized accessible range until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2022-2475

Affected Products

Haas Controller