Unauthenticated Remote Macro Injection Vulnerability in Haas Controller Version 100.20.000.1110

Unauthenticated Remote Macro Injection Vulnerability in Haas Controller Version 100.20.000.1110

CVE-2022-2474 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.

Learn more about our Network Penetration Testing.