CVE-2022-41636

CVSS 9.1 CRITICALEPSS 0.4%CWE-319

Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being passed to and from the controller.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Haas · Haas CNC Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-01