CVE-2022-25922 | HackTesting

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages. There is no authentication or authorization for these functions.

Credits

National Motor Freight Traffic Association, Inc. (NMFTA) researcher Ben Gardiner, NMFTA motor freight carrier members, and Assured Information Security researchers Chris Poore, Dan Salloum, and Eric Thayer reported this vulnerability to CISA.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-063-01