CVE-2022-25922 MEDIUM

CVE-2022-25922: ICSA-22-063-01 Missing Authentication for Critical Function in Trailer Power Line Communications (PLC) J2497

Vendor: Power Line Communications
Product: PLC4TRUCKS
Weakness: CWE-306 · Missing auth
Published: March 7, 2022
Last update: April 16, 2025

CVSS base score

6.1/10
Attack vector: Physical
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic functions that can be invoked by replaying J2497 messages. These functions require no authentication or authorization.

Key dates

02 Disclosure timeline

March 7, 2022: CVE published
April 16, 2025: Record updated