MidnightBSD

Advisories for hegemonelectronics

CVE-2022-25922 MEDIUM

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
ics-cert@hq.dhs.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
hegemonelectronics plc4trucks_firmware j2497
CVE-2022-26131 HIGH

Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.3 CRITICAL CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 2.8 5.8

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1319,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hegemonelectronics plc4trucks_firmware j2497