CVE-2022-31485

Name of the Vulnerable Software and Affected Versions HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 versions prior to 1.29

Description An unauthenticated attacker can send specially crafted packets to update the notes section of the home page of the web interface. This issue is related to errors in the security mechanisms of the HID Mercury programmable logic controllers. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.29, update the firmware to version 1.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the notes section in the affected web interface until the issue is resolved.