PT-2022-17606 · Power Line Communications · Plc4Trucks J2497

Ben Gardiner

Published

2022-03-07

Updated

2022-03-19

CVE-2022-25922

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Power Line Communications PLC4TRUCKS J2497 trailer brake controllers (affected versions not specified)

Description The issue concerns the lack of authentication or authorization for diagnostic functions in the Power Line Communications PLC4TRUCKS J2497 trailer brake controllers. These functions can be invoked by replaying J2497 messages, potentially allowing unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2022-25922

Affected Products

Plc4Trucks J2497

PT-2022-17606 · Power Line Communications · Plc4Trucks J2497

CVE-2022-25922

Weakness Enumeration

Related Identifiers

Affected Products

References · 3