Main Vulnerability Database SB2022091412

SB2022091412 - Improper Authentication in Kingspan TMS300 CS

Published: September 14, 2022

Security Bulletin ID SB2022091412

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2022-2757)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the lack of adequately implemented access-control rules. A remote attacker can access a specific uniform resource locator (URL) on the webserver and view and modify the application settings without authenticating.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/icsa-22-256-04