CVE-2022-2474 Information

Description

Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service which allows any user on the same network segment as the controller (even while connected remotely) to access the service and write unauthorized macros to the device.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-01