Vulnerabilites related to hegemonelectronics - plc4trucks_firmware
CVE-2022-25922 (GCVE-0-2022-25922)
Vulnerability from cvelistv5
Published
2022-03-07 15:28
Modified
2025-04-16 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Power Line Communications | PLC4TRUCKS |
Version: J2497 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25922",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:56:06.000143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:43:59.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PLC4TRUCKS",
"vendor": "Power Line Communications",
"versions": [
{
"status": "affected",
"version": "J2497 "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "National Motor Freight Traffic Association, Inc. (NMFTA) researcher Ben Gardiner, NMFTA motor freight carrier members, and Assured Information Security researchers Chris Poore, Dan Salloum, and Eric Thayer reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T15:28:22.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497",
"workarounds": [
{
"lang": "en",
"value": "The vulnerable technology, J2497, has been fielded since 2001 and the service lifetime of trailers is 15 to 30 years. For new equipment, the industry should consider dropping all J2497 features except for backwards-compatibility with LAMP ON detection only. For trailer equipment this means migrating all diagnostics to whatever newer trailer buses are established as the norm. For tractor equipment this means removing support for reception of any J2497 message other than LAMP messages and protecting the backwards-compatible trailers from attack. \n\nNMFTA has published detailed information about how to mitigate these issues in the following ways:\nInstall a LAMP ON firewall for each ECU\nUse a LAMP detect circuit LAMP ON sender with each trailer\nChange addresses dynamically on each tractor in response to detecting a transmitter on its current address. \nInstall RF chokes on each trailer between chassis ground and wiring ground\nLoad with LAMP keyhole signal on each tractor\nFlood with jamming signal on each tractor\nPlease see the publication from the NMFTA for additional details on these and other solutions."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-25922",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC4TRUCKS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "J2497 "
}
]
}
}
]
},
"vendor_name": "Power Line Communications"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "National Motor Freight Traffic Association, Inc. (NMFTA) researcher Ben Gardiner, NMFTA motor freight carrier members, and Assured Information Security researchers Chris Poore, Dan Salloum, and Eric Thayer reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "The vulnerable technology, J2497, has been fielded since 2001 and the service lifetime of trailers is 15 to 30 years. For new equipment, the industry should consider dropping all J2497 features except for backwards-compatibility with LAMP ON detection only. For trailer equipment this means migrating all diagnostics to whatever newer trailer buses are established as the norm. For tractor equipment this means removing support for reception of any J2497 message other than LAMP messages and protecting the backwards-compatible trailers from attack. \n\nNMFTA has published detailed information about how to mitigate these issues in the following ways:\nInstall a LAMP ON firewall for each ECU\nUse a LAMP detect circuit LAMP ON sender with each trailer\nChange addresses dynamically on each tractor in response to detecting a transmitter on its current address. \nInstall RF chokes on each trailer between chassis ground and wiring ground\nLoad with LAMP keyhole signal on each tractor\nFlood with jamming signal on each tractor\nPlease see the publication from the NMFTA for additional details on these and other solutions."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-25922",
"datePublished": "2022-03-07T15:28:22.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:43:59.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26131 (GCVE-0-2022-26131)
Vulnerability from cvelistv5
Published
2022-03-07 15:28
Modified
2025-04-16 16:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Power Line Communications | PLC4TRUCKS |
Version: J2497 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:55:58.140125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:43:51.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PLC4TRUCKS",
"vendor": "Power Line Communications",
"versions": [
{
"status": "affected",
"version": "J2497 "
}
]
}
],
"credits": [
{
"lang": "en",
"value": "National Motor Freight Traffic Association, Inc. (NMFTA) researcher Ben Gardiner, NMFTA motor freight carrier members, and Assured Information Security researchers Chris Poore, Dan Salloum, and Eric Thayer reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1319",
"description": "CWE-1319",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T15:28:28.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497",
"workarounds": [
{
"lang": "en",
"value": "The vulnerable technology, J2497, has been fielded since 2001 and the service lifetime of trailers is 15 to 30 years. For new equipment, the industry should consider dropping all J2497 features except for backwards-compatibility with LAMP ON detection only. For trailer equipment this means migrating all diagnostics to whatever newer trailer buses are established as the norm. For tractor equipment this means removing support for reception of any J2497 message other than LAMP messages and protecting the backwards-compatible trailers from attack. \n\nNMFTA has published detailed information about how to mitigate these issues in the following ways:\nInstall a LAMP ON firewall for each ECU\nUse a LAMP detect circuit LAMP ON sender with each trailer\nChange addresses dynamically on each tractor in response to detecting a transmitter on its current address. \nInstall RF chokes on each trailer between chassis ground and wiring ground\nLoad with LAMP keyhole signal on each tractor\nFlood with jamming signal on each tractor\nPlease see the publication from the NMFTA for additional details on these and other solutions."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-26131",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-063-01 Improper Protection against Electromagnetic Fault Injection in Trailer Power Line Communications (PLC) J2497"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PLC4TRUCKS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "J2497 "
}
]
}
}
]
},
"vendor_name": "Power Line Communications"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "National Motor Freight Traffic Association, Inc. (NMFTA) researcher Ben Gardiner, NMFTA motor freight carrier members, and Assured Information Security researchers Chris Poore, Dan Salloum, and Eric Thayer reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "The vulnerable technology, J2497, has been fielded since 2001 and the service lifetime of trailers is 15 to 30 years. For new equipment, the industry should consider dropping all J2497 features except for backwards-compatibility with LAMP ON detection only. For trailer equipment this means migrating all diagnostics to whatever newer trailer buses are established as the norm. For tractor equipment this means removing support for reception of any J2497 message other than LAMP messages and protecting the backwards-compatible trailers from attack. \n\nNMFTA has published detailed information about how to mitigate these issues in the following ways:\nInstall a LAMP ON firewall for each ECU\nUse a LAMP detect circuit LAMP ON sender with each trailer\nChange addresses dynamically on each tractor in response to detecting a transmitter on its current address. \nInstall RF chokes on each trailer between chassis ground and wiring ground\nLoad with LAMP keyhole signal on each tractor\nFlood with jamming signal on each tractor\nPlease see the publication from the NMFTA for additional details on these and other solutions."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-26131",
"datePublished": "2022-03-07T15:28:28.000Z",
"dateReserved": "2022-03-01T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:43:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:53
Severity ?
9.3 (Critical) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hegemonelectronics | plc4trucks_firmware | j2497 | |
| hegemonelectronics | plc4trucks | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hegemonelectronics:plc4trucks_firmware:j2497:*:*:*:*:*:*:*",
"matchCriteriaId": "774D3BA3-3A55-4B22-AA73-1D00E77459C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hegemonelectronics:plc4trucks:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D5DA42-3968-479B-821F-539E853F5178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer receivers are susceptible to remote RF induced signals."
},
{
"lang": "es",
"value": "Los receptores de remolque PLC4TRUCKS J2497 de Power Line Communications son susceptibles de recibir se\u00f1ales remotas inducidas por RF"
}
],
"id": "CVE-2022-26131",
"lastModified": "2024-11-21T06:53:29.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:32.123",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1319"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:47
Modified
2024-11-21 06:53
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hegemonelectronics | plc4trucks_firmware | j2497 | |
| hegemonelectronics | plc4trucks | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hegemonelectronics:plc4trucks_firmware:j2497:*:*:*:*:*:*:*",
"matchCriteriaId": "774D3BA3-3A55-4B22-AA73-1D00E77459C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hegemonelectronics:plc4trucks:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D5DA42-3968-479B-821F-539E853F5178",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions."
},
{
"lang": "es",
"value": "Los controladores de freno de remolque PLC4TRUCKS J2497 de Power Line Communications implementan funciones de diagn\u00f3stico que pueden ser invocadas mediante la reproducci\u00f3n de mensajes J2497. No se presenta autenticaci\u00f3n ni autorizaci\u00f3n para estas funciones"
}
],
"id": "CVE-2022-25922",
"lastModified": "2024-11-21T06:53:13.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:47:27.927",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}