#VU67295 Improper Authentication in TMS300 CS - CVE-2022-2757 

 


Published: September 14, 2022


Vulnerability identifier: #VU67295
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-2757
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: TMS300 CS
Software vendor: Kingspan

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to the lack of adequately implemented access-control rules. A remote attacker can access a specific uniform resource locator (URL) on the webserver and view and modify the application settings without authenticating.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links