CVE-2022-2757 - Vulnerability Details - OpenCVE

Due to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Kingspan	Tms300 Cs Tms300 Cs Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kingspan:tms300_cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:kingspan:tms300_cs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04

History

Wed, 16 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-12-13T21:18:23.930Z

Updated: 2025-04-16T16:04:45.957Z

Reserved: 2022-08-10T15:21:46.345Z

Link: CVE-2022-2757

Vulnrichment

Updated: 2024-08-03T00:46:04.440Z

NVD

Status : Modified

Published: 2022-12-13T22:15:10.007

Modified: 2024-11-21T07:01:38.780

Link: CVE-2022-2757

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-2757", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a", "dateReserved": "2022-08-10T15:21:46.345Z", "datePublished": "2022-12-13T21:18:23.930Z", "dateUpdated": "2025-04-16T16:04:45.957Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TMS300 CS", "vendor": "Kingspan ", "versions": [{"status": "affected", "version": "All Versions "}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Maxim Rupp reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to the lack of adequately implemented access-control rules, a</span>ll versions Kingspan TMS300 CS are vulnerable to an attacker viewing and <span style=\"background-color: rgb(255, 255, 255);\">modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.</span>\n\n"}], "value": "\n\n\nDue to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-13T21:18:23.930Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04"}], "source": {"discovery": "EXTERNAL"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nKingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kingspan.com/us/en/contact-us/\">Kingspan customer support </a>for additional information.\n\n<br>"}], "value": "Kingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact Kingspan customer support https://www.kingspan.com/us/en/contact-us/ for additional information.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.440Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:52:31.655933Z", "id": "CVE-2022-2757", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:04:45.957Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:04.440Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2757", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T15:52:31.655933Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:52:33.262Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Maxim Rupp reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kingspan ", "product": "TMS300 CS", "versions": [{"status": "affected", "version": "All Versions "}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04"}], "workarounds": [{"lang": "en", "value": "Kingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact Kingspan customer support https://www.kingspan.com/us/en/contact-us/ for additional information.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\nKingspan has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected product are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.kingspan.com/us/en/contact-us/\">Kingspan customer support </a>for additional information.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\n\n\nDue to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\n<span style=\"background-color: rgb(255, 255, 255);\">Due to the lack of adequately implemented access-control rules, a</span>ll versions Kingspan TMS300 CS are vulnerable to an attacker viewing and <span style=\"background-color: rgb(255, 255, 255);\">modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-12-13T21:18:23.930Z"}}}, "cveMetadata": {"cveId": "CVE-2022-2757", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:04:45.957Z", "dateReserved": "2022-08-10T15:21:46.345Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-12-13T21:18:23.930Z", "requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kingspan:tms300_cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EED7251-4A10-4303-BA77-1F8081A36CC3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kingspan:tms300_cs:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB37A52F-17A1-4046-A8A8-93AB741DF6D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\nDue to the lack of adequately implemented access-control rules, all versions Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating by accessing a specific uniform resource locator (URL) on the webserver.\n\n"}, {"lang": "es", "value": "Debido a la falta de reglas de control de acceso implementadas adecuadamente, todas las versiones de Kingspan TMS300 CS son vulnerables a que un atacante vea y modifique la configuraci\u00f3n de la aplicaci\u00f3n sin autenticarse accediendo a un localizador uniforme de recursos (URL) espec\u00edfico en el servidor web."}], "id": "CVE-2022-2757", "lastModified": "2024-11-21T07:01:38.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T22:15:10.007", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}