9.1
CVE-2022-25922
- EPSS 0.21%
- Veröffentlicht 10.03.2022 17:47:27
- Zuletzt bearbeitet 21.11.2024 06:53:13
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginPower Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hegemonelectronics ≫ Plc4trucks Firmware Versionj2497
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.432 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
| ics-cert@hq.dhs.gov | 6.1 | 0.9 | 5.2 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.