Search criteria
6 vulnerabilities found for trutops_boost by trumpf
FKIE_CVE-2022-2052
Vulnerability from fkie_nvd - Published: 2022-10-17 09:15 - Updated: 2024-11-21 07:00
Severity ?
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-023/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-023/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trumpf | job_order_interface | * | |
| trumpf | oseon | * | |
| trumpf | trutops_boost | * | |
| trumpf | trutops_fab | * | |
| trumpf | trutops_monitor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:job_order_interface:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23618C14-F7A5-46D5-9861-1439F197622A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806F1D17-51DF-431D-B34B-7EC4FA7D5873",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_boost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE4279B-0D8E-4B0E-8D38-A3AF0C90A0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_fab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F57117-C6A3-426E-9AE9-E47596BB0E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5114C779-4A9D-4F09-AFBD-42DB013E063A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
},
{
"lang": "es",
"value": "Varios productos de Trumpf en m\u00faltiples versiones usan usuarios y contrase\u00f1as privilegiados de Windows por defecto. Un adversario puede usar estas cuentas para conseguir acceso completo al sistema de forma remota"
}
],
"id": "CVE-2022-2052",
"lastModified": "2024-11-21T07:00:14.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-10-17T09:15:12.150",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1300
Vulnerability from fkie_nvd - Published: 2022-05-02 12:16 - Updated: 2024-11-21 06:40
Severity ?
Summary
Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-016/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-016/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trumpf | trutops_boost | * | |
| trumpf | trutops_boost | 13.08.21 | |
| trumpf | trutops_fab | * | |
| trumpf | trutops_fab | 22.08.21 | |
| trumpf | trutops_monitor | * | |
| trumpf | trutops_monitor | 22.08.21 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:trutops_boost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BBFC27-AE59-4232-99AA-183E9B4309DB",
"versionEndIncluding": "13.05",
"versionStartIncluding": "13.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_boost:13.08.21:*:*:*:*:*:*:*",
"matchCriteriaId": "9189E82C-EE99-42CA-AF41-3F9FC6809DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_fab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60159EAB-0C92-4A26-A099-D6C2379E1054",
"versionEndIncluding": "22.05",
"versionStartIncluding": "22.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_fab:22.08.21:*:*:*:*:*:*:*",
"matchCriteriaId": "74EC4E85-27E9-4F18-8A85-0C93573F4DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B86EF581-7BB8-4D87-A8EC-7A16BAAF065E",
"versionEndIncluding": "22.05",
"versionStartIncluding": "22.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_monitor:22.08.21:*:*:*:*:*:*:*",
"matchCriteriaId": "04B80E74-C2DB-4A52-B2F2-4A8406A0D8A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
},
{
"lang": "es",
"value": "Varias versiones de los productos TRUMPF TruTops exponen una funci\u00f3n de servicio sin la autenticaci\u00f3n necesaria. La ejecuci\u00f3n de esta funci\u00f3n puede resultar en un acceso no autorizado a la modificaci\u00f3n de datos o a la interrupci\u00f3n de todo el servicio"
}
],
"id": "CVE-2022-1300",
"lastModified": "2024-11-21T06:40:26.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
},
"published": "2022-05-02T12:16:26.433",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
}
]
}
CVE-2022-2052 (GCVE-0-2022-2052)
Vulnerability from cvelistv5 – Published: 2022-10-17 08:20 – Updated: 2025-05-10 02:57
VLAI?
Title
TRUMPF TruTops default user accounts vulnerability
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TRUMPF Werkzeugmaschinen SE + Co. KG | TruTops Monitor |
Affected:
All Versions
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:57:27.303845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:57:40.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TruTops Monitor",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Fab",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "Oseon",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Job Order Interface",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Inventory of sheets and remainder sheets",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Graphic separation of cut parts",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"source": {
"advisory": "VDE-2022-023",
"defect": [
"CERT@VDE#64131"
],
"discovery": "INTERNAL"
},
"title": "TRUMPF TruTops default user accounts vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-2052",
"datePublished": "2022-10-17T08:20:11.346Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:57:40.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1300 (GCVE-0-2022-1300)
Vulnerability from cvelistv5 – Published: 2022-05-02 10:20 – Updated: 2024-09-17 01:05
VLAI?
Title
Missing authentication in TRUMPF products may result in corruption of data
Summary
Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TRUMPF | TruTops Boost |
Affected:
V13.01 , < unspecified
(custom)
Affected: unspecified , ≤ V13.05 (custom) Affected: V13.08.21 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TruTops Boost",
"vendor": "TRUMPF",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "V13.01",
"versionType": "custom"
},
{
"lessThanOrEqual": "V13.05",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "V13.08.21"
}
]
},
{
"product": "TruTops Fab (incl. TruTops Monitor)",
"vendor": "TRUMPF",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "V22.01.",
"versionType": "custom"
},
{
"lessThanOrEqual": "V22.05.",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "V22.08.21"
}
]
}
],
"datePublic": "2022-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T10:20:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
],
"solutions": [
{
"lang": "en",
"value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
}
],
"source": {
"advisory": "VDE-2022-016",
"defect": [
"CERT@VDE#64101"
],
"discovery": "INTERNAL"
},
"title": "Missing authentication in TRUMPF products may result in corruption of data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-05-02T10:00:00.000Z",
"ID": "CVE-2022-1300",
"STATE": "PUBLIC",
"TITLE": "Missing authentication in TRUMPF products may result in corruption of data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TruTops Boost",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "V13.01"
},
{
"version_affected": "\u003c=",
"version_value": "V13.05"
},
{
"version_affected": "=",
"version_value": "V13.08.21"
}
]
}
},
{
"product_name": "TruTops Fab (incl. TruTops Monitor)",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "V22.01."
},
{
"version_affected": "\u003c=",
"version_value": "V22.05."
},
{
"version_affected": "=",
"version_value": "V22.08.21"
}
]
}
}
]
},
"vendor_name": "TRUMPF"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-016/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
}
],
"source": {
"advisory": "VDE-2022-016",
"defect": [
"CERT@VDE#64101"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1300",
"datePublished": "2022-05-02T10:20:09.499479Z",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-09-17T01:05:59.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2052 (GCVE-0-2022-2052)
Vulnerability from nvd – Published: 2022-10-17 08:20 – Updated: 2025-05-10 02:57
VLAI?
Title
TRUMPF TruTops default user accounts vulnerability
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
Severity ?
9.8 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TRUMPF Werkzeugmaschinen SE + Co. KG | TruTops Monitor |
Affected:
All Versions
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:57:27.303845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:57:40.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TruTops Monitor",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Fab",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "Oseon",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Job Order Interface",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Inventory of sheets and remainder sheets",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Graphic separation of cut parts",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"source": {
"advisory": "VDE-2022-023",
"defect": [
"CERT@VDE#64131"
],
"discovery": "INTERNAL"
},
"title": "TRUMPF TruTops default user accounts vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-2052",
"datePublished": "2022-10-17T08:20:11.346Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:57:40.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1300 (GCVE-0-2022-1300)
Vulnerability from nvd – Published: 2022-05-02 10:20 – Updated: 2024-09-17 01:05
VLAI?
Title
Missing authentication in TRUMPF products may result in corruption of data
Summary
Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
Severity ?
9.8 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TRUMPF | TruTops Boost |
Affected:
V13.01 , < unspecified
(custom)
Affected: unspecified , ≤ V13.05 (custom) Affected: V13.08.21 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TruTops Boost",
"vendor": "TRUMPF",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "V13.01",
"versionType": "custom"
},
{
"lessThanOrEqual": "V13.05",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "V13.08.21"
}
]
},
{
"product": "TruTops Fab (incl. TruTops Monitor)",
"vendor": "TRUMPF",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "V22.01.",
"versionType": "custom"
},
{
"lessThanOrEqual": "V22.05.",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "V22.08.21"
}
]
}
],
"datePublic": "2022-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T10:20:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
],
"solutions": [
{
"lang": "en",
"value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
}
],
"source": {
"advisory": "VDE-2022-016",
"defect": [
"CERT@VDE#64101"
],
"discovery": "INTERNAL"
},
"title": "Missing authentication in TRUMPF products may result in corruption of data",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-05-02T10:00:00.000Z",
"ID": "CVE-2022-1300",
"STATE": "PUBLIC",
"TITLE": "Missing authentication in TRUMPF products may result in corruption of data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TruTops Boost",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "V13.01"
},
{
"version_affected": "\u003c=",
"version_value": "V13.05"
},
{
"version_affected": "=",
"version_value": "V13.08.21"
}
]
}
},
{
"product_name": "TruTops Fab (incl. TruTops Monitor)",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "V22.01."
},
{
"version_affected": "\u003c=",
"version_value": "V22.05."
},
{
"version_affected": "=",
"version_value": "V22.08.21"
}
]
}
}
]
},
"vendor_name": "TRUMPF"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-016/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
}
],
"source": {
"advisory": "VDE-2022-016",
"defect": [
"CERT@VDE#64101"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-1300",
"datePublished": "2022-05-02T10:20:09.499479Z",
"dateReserved": "2022-04-11T00:00:00",
"dateUpdated": "2024-09-17T01:05:59.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}