CVE-2022-2757
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kingspan | TMS300 CS | All Versions | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
Workarounds
Kingspan has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Kingspan customer support https://www.kingspan.com/us/en/contact-us/ for additional information.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.