MidnightBSD

Advisories for trumpf

CVE-2022-1300 HIGH

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
trumpf trutops_monitor 22.08.21
trumpf trutops_fab 22.08.21
trumpf trutops_boost *
trumpf trutops_monitor *
trumpf trutops_boost 13.08.21
trumpf trutops_fab *
CVE-2022-2052

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
trumpf trutops_boost *
trumpf job_order_interface *
trumpf trutops_monitor *
trumpf oseon *
trumpf trutops_fab *
CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
trumpf programmingtube *
phoenixcontact activation_wizard *
trumpf topscalculation *
phoenixcontact plcnext_engineer *
trumpf teczonebend *
trumpf trutops_mark_3d *
trumpf trutopsprintmultilaserassistant *
trumpf tops_unfold 05.03.00.00
phoenixcontact e-mobility_charging_suite *
wibu codemeter_runtime *
trumpf trutops_cell_sw48 *
trumpf trutopsboost *
trumpf tubedesign *
trumpf trutopsprint *
phoenixcontact iol-conf *
trumpf trutops_cell_classic *
trumpf oseon *
phoenixcontact module_type_package_designer *
phoenixcontact fl_network_manager *
trumpf trutopsweld *
phoenixcontact module_type_package_designer 1.2.0
trumpf trumpflicenseexpert *
trumpf trutopsfab_storage_smallstore *
trumpf trutops *
trumpf trutopsfab *