VDE-2022-049
Vulnerability from csaf_trumpfsecokg - Published: 2022-11-07 11:43 - Updated: 2025-05-22 13:03
Summary
TRUMPF: Multiple products prone to X.Org server vulnerabilities
Notes
Summary: TruControl laser control software from versions 1.60.0 to 3.40.0 uses vulnerable X.Org server versions. The affected X.Org vulnerability is that the request handler 'ProcXkbSetGeometry' does not validate the request length properly. An authenticated attacker could craft a request that leads to an out-of-bounds memory write.
Impact: When logged on to the system, the privilege escalation vulnerability can be exploited with the following possible impacts/damages to the system:
- Data loss in the laser control
- Standstill of production
- Damage by change of the laser control
Safety is not affected since it is controlled by an independent electromechanical safety mechanism.
Remote Code Execution as one of the mentioned impacts in the vulnerability description of CVE-2022-2320 is not possible since no SSH Forwarding is used.
Mitigation: Secure access to the production network.
Please contact your service partner (service.tls@trumpf.com) for instructions on how to be automatically informed about the new major release 3.42.0 of the TruControl software.
Remediation: Retrieve instructions on how to deactivate SSH access or activate the firewall on port 22 (SSH) of your laser.
CVE-2022-2319
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
CVSS v3.1 base score: 7.8 (High)
Mitigation
Secure access to the production network.
Please contact your service partner (service.tls@trumpf.com) for instructions on how to be automatically informed about the new major release 3.42.0 of the TruControl software.
Vendor Fix
Retrieve instructions on how to deactivate SSH access or activate the firewall on port 22 (SSH) of your laser.
CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
CVSS v3.1 base score: 7.8 (High)
Mitigation
Secure access to the production network.
Please contact your service partner (service.tls@trumpf.com) for instructions on how to be automatically informed about the new major release 3.42.0 of the TruControl software.
Vendor Fix
Retrieve instructions on how to deactivate SSH access or activate the firewall on port 22 (SSH) of your laser.
References
- VDE-2022-049: TRUMPF: Multiple products prone to X.Org server vulnerabilities - HTML: https://certvde.com/en/advisories/VDE-2022-049/
- VDE-2022-049: TRUMPF: Multiple products prone to X.Org server vulnerabilities - CSAF: https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-049.json
- CERT@VDE Security Advisories for Trumpf SE + Co. KG: https://certvde.com/en/advisories/vendor/trumpf/
Acknowledgments
- CERT@VDE (https://certvde.com): coordination
- Jan-Niklas Sohn, Trend Micro Zero Day Initiative: reporting
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Jan-Niklas Sohn"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "TruControl laser control software from versions 1.60.0 to 3.40.0 use a vulnerable\u00a0 X.Org server versions. The affected X.Org vulnerability is not validating the request length properly for the handler \u0027ProcXkbSetGeometry\u0027. An authenticated Attacker could craft a request which could lead to memory out-of bounds write.",
"title": "Summary"
},
{
"category": "description",
"text": "When logged on to the system the privilege escalation vulnerability can be exploited with following possible impacts/damages to the system:\n\n- Data loss in the laser control\n- Standstill of production\n- Damage by change of the laser control\n\nSafety is not affected since it is controlled by an independent electromechanical safety mechanism.\n\nRemote Code Execution as one of the mentioned impacts in the vulnerability description of CVE-2022-2320 is not possible since no SSH Forwarding is used.",
"title": "Impact"
},
{
"category": "description",
"text": "Securing the access to the production network.\nPlease contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 3.42.0 of the new TruControl software version.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Retrieve instructions on how to deactivate the ssh access or activate the firewall on port 22 (SSH) of your laser.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "product.security@trumpf.com",
"name": "Trumpf SE + Co. KG",
"namespace": "https://www.trumpf.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-049: TRUMPF: Multiple products prone to X.Org server vulnerabilities - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-049/"
},
{
"category": "self",
"summary": "VDE-2022-049: TRUMPF: Multiple products prone to X.Org server vulnerabilities - CSAF",
"url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-049.json"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Trumpf SE + Co. KG",
"url": "https://certvde.com/en/advisories/vendor/trumpf/"
}
],
"title": "TRUMPF: Multiple products prone to X.Org server vulnerabilities",
"tracking": {
"aliases": [
"VDE-2022-049"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-05-05T08:26:24.103Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2022-049",
"initial_release_date": "2022-11-07T11:43:00.000Z",
"revision_history": [
{
"date": "2022-11-07T11:43:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in redpowerDirect 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51001"
}
}
],
"category": "product_name",
"name": "TruControl in redpowerDirect"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruDiode 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51002"
}
}
],
"category": "product_name",
"name": "TruControl in TruDiode"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruDisk 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51003"
}
}
],
"category": "product_name",
"name": "TruControl in TruDisk"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruFiber 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51004"
}
}
],
"category": "product_name",
"name": "TruControl in TruFiber"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro2000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51005"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro2000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro5000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51006"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro5000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro6000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51007"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro6000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro7000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51008"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro7000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro8000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-51009"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro8000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruMicro9000 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-510010"
}
}
],
"category": "product_name",
"name": "TruControl in TruMicro9000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1.60.0\u003c=3.40.0",
"product": {
"name": "TruControl in TruPulse 1.60.0\u003c=3.40.0",
"product_id": "CSAFPID-510011"
}
}
],
"category": "product_name",
"name": "TruControl in TruPulse"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "Trumpf"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2319",
"cwe": {
"id": "CWE-1320",
"name": "Improper Protection for Outbound Error Messages and Alert Signals"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Securing the access to the production network.\nPlease contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 3.42.0 of the new TruControl software version.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Retrieve instructions on how to deactivate the ssh access or activate the firewall on port 22 (SSH) of your laser.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2022-2319"
},
{
"cve": "CVE-2022-2320",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Securing the access to the production network.\nPlease contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 3.42.0 of the new TruControl software version.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Retrieve instructions on how to deactivate the ssh access or activate the firewall on port 22 (SSH) of your laser.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002",
"CSAFPID-51003",
"CSAFPID-51004",
"CSAFPID-51005",
"CSAFPID-51006",
"CSAFPID-51007",
"CSAFPID-51008",
"CSAFPID-51009",
"CSAFPID-510010",
"CSAFPID-510011"
]
}
],
"title": "CVE-2022-2320"
}
]
}