MidnightBSD

Advisories for tormach

CVE-2024-22807

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6
CVE-2024-22808

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6
CVE-2024-22809

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6
CVE-2024-22811

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6
CVE-2024-22813

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6
CVE-2024-22815

An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.

Products Affected

Vendor Product Version
tormach pathpilot_controller 2.9.6