PT-2022-18490 · Kingspan · Kingspan Tms300 Cs

Maxim Rupp · Published 2022-09-19 · Updated 2022-12-16 · CVE-2022-2757

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Kingspan TMS300 CS versions (affected versions not specified)

Description: The issue is due to the lack of adequately implemented access-control rules, allowing an attacker to view and modify application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver. This can be done by accessing certain URLs, which can be set through the web interface or using brute force. The attacker can change various settings, including those related to sensors, tank information, and alarm threshold values, potentially leading to an emergency situation. The vulnerable product is used worldwide in the water supply and drainage sector.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-2757

Affected Products

Kingspan Tms300 Cs