PT-2022-25996 · Haas · Haas Controller
Francesco Sortino +1 · Published 2022-10-28 · Updated 2022-11-01 · CVE-2022-41636
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Haas Controller version 100.20.000.1110
Description
The "Ethernet Q Commands" service transmits its communication traffic in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.
Recommendations
For Haas Controller version 100.20.000.1110, consider implementing encryption for the "Ethernet Q Commands" service to protect sensitive information. As a temporary workaround, restrict access to the "Ethernet Q Commands" service to minimize the risk of exploitation.
Fix
Cleartext Transmission of Sensitive Information
Affected Products
Haas Controller