CVE-2022-41648
CVSS V2 None
CVSS V3 Critical 9.8
Description
The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.
Overview
- CVE ID
- CVE-2022-41648
- Assigner
- ics-cert@hq.dhs.gov
- Vulnerability Status
- Analyzed
- Published Version
- 2022-10-28T18:15:12
- Last Modified Date
- 2022-11-03T14:02:43
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:heidenhain:tnc_640_programming_station:340590_07:sp5:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:heidenhain:heros:5.08.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:heidenhain:tnc_640:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 9.8
- Base Severity
- CRITICAL
- Exploitability Score
- 3.9
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-41648 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41648 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-10-28 19:00:34 | Added to TrackCVE | |||
| 2022-12-07 14:11:18 | 2022-10-28T18:15Z | 2022-10-28T18:15:12 | CVE Published Date | updated |
| 2022-12-07 14:11:18 | 2022-11-03T14:02:43 | CVE Modified Date | updated | |
| 2022-12-07 14:11:18 | Analyzed | Vulnerability Status | updated |