
    3 vulnerabilities by trumpf

    CVE-2023-3935 (GCVE-0-2023-3935)

    Vulnerability from cvelistv5 – Published: 2023-09-13 13:19 – Updated: 2025-08-27 20:32
    VLAI
    Title
    Wibu: Buffer Overflow in CodeMeter Runtime
    Summary
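    A heap buffer overflow vulnerability in the Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve remote code execution (RCE) and gain full access to the host system. [Note: the record's affected-version data below also marks version 7.21g as unaffected.]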
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T21:50:55.835781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:32:53.842Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "CodeMeter Runtime",
              "vendor": "Wibu",
              "versions": [
                {
                  "lessThanOrEqual": "7.60b",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "CodeMeter Runtime",
              "vendor": "Wibu",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "7.21g"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
                }
              ],
              "value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T07:00:20.911Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64566"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Wibu: Buffer Overflow in CodeMeter Runtime",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-3935",
        "datePublished": "2023-09-13T13:19:18.392Z",
        "dateReserved": "2023-07-25T13:02:40.206Z",
        "dateUpdated": "2025-08-27T20:32:53.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2052 (GCVE-0-2022-2052)

    Vulnerability from cvelistv5 – Published: 2022-10-17 08:20 – Updated: 2025-05-10 02:57
    VLAI
    Title
    TRUMPF TruTops default user accounts vulnerability
    Summary
    Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2022-10-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-10T02:57:27.303845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-10T02:57:40.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Monitor",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Fab",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "Oseon",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Job Order Interface",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Inventory of sheets and remainder sheets",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Graphic separation of cut parts",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            }
          ],
          "datePublic": "2022-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-023",
            "defect": [
              "CERT@VDE#64131"
            ],
            "discovery": "INTERNAL"
          },
          "title": "TRUMPF TruTops default user accounts vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-2052",
        "datePublished": "2022-10-17T08:20:11.346Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2025-05-10T02:57:40.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1300 (GCVE-0-2022-1300)

    Vulnerability from cvelistv5 – Published: 2022-05-02 10:20 – Updated: 2024-09-17 01:05
    VLAI
    Title
    Missing authentication in TRUMPF products may result in corruption of data
    Summary
    Multiple versions of TRUMPF TruTops products expose a service function without the necessary authentication. Execution of this function may result in unauthorized access to or modification of data, or in disruption of the whole service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    TRUMPF TruTops Boost Affected: V13.01 , < unspecified (custom)
    Affected: unspecified , ≤ V13.05 (custom)
    Affected: V13.08.21
    TRUMPF TruTops Fab (incl. TruTops Monitor) Affected: V22.01. , < unspecified (custom)
    Affected: unspecified , ≤ V22.05. (custom)
    Affected: V22.08.21
    Date Public
    2022-05-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Boost",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V13.01",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V13.05",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V13.08.21"
                }
              ]
            },
            {
              "product": "TruTops Fab (incl. TruTops Monitor)",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V22.01.",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V22.05.",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V22.08.21"
                }
              ]
            }
          ],
          "datePublic": "2022-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T10:20:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
            }
          ],
          "source": {
            "advisory": "VDE-2022-016",
            "defect": [
              "CERT@VDE#64101"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Missing authentication in TRUMPF products may result in corruption of data",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-05-02T10:00:00.000Z",
              "ID": "CVE-2022-1300",
              "STATE": "PUBLIC",
              "TITLE": "Missing authentication in TRUMPF products may result in corruption of data"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TruTops Boost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V13.01"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V13.05"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V13.08.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TruTops Fab (incl. TruTops Monitor)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V22.01."
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V22.05."
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V22.08.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TRUMPF"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-016/",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
              }
            ],
            "source": {
              "advisory": "VDE-2022-016",
              "defect": [
                "CERT@VDE#64101"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-1300",
        "datePublished": "2022-05-02T10:20:09.499Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:05:59.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }