CVE-2022-2757

Summary

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.

Affected Software

VendorProductVersion RangeStatus
KingspanTMS300 CSAll Versionsaffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

Workarounds

Kingspan has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected product are encouraged to contact Kingspan customer support https://www.kingspan.com/us/en/contact-us/ for additional information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References