Unauthenticated Remote Macro Injection Vulnerability in Haas Controller Version 100.20.000.1110
CVE-2022-2474 · HIGH Severity
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.
Learn more about our Network Penetration Testing.