Vulnerabilites related to TRUMPF Werkzeugmaschinen SE + Co. KG - Oseon
CVE-2022-2052 (GCVE-0-2022-2052)
Vulnerability from cvelistv5
Published
2022-10-17 08:20
Modified
2025-05-10 02:57
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-284 - Improper Access Control
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
References
Impacted products
Vendor Product Version
TRUMPF Werkzeugmaschinen SE + Co. KG TruTops Monitor Version: All Versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:24:44.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-10T02:57:27.303845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-10T02:57:40.699Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TruTops Monitor",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "TruTops Fab",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "Oseon",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "lessThanOrEqual": "1.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Job Order Interface",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "TruTops Boost with option Inventory of sheets and remainder sheets",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        },
        {
          "product": "TruTops Boost with option Graphic separation of cut parts",
          "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "All Versions"
            }
          ]
        }
      ],
      "datePublic": "2022-10-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00.000Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
        }
      ],
      "source": {
        "advisory": "VDE-2022-023",
        "defect": [
          "CERT@VDE#64131"
        ],
        "discovery": "INTERNAL"
      },
      "title": "TRUMPF TruTops default user accounts vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2022-2052",
    "datePublished": "2022-10-17T08:20:11.346Z",
    "dateReserved": "2022-06-10T00:00:00.000Z",
    "dateUpdated": "2025-05-10T02:57:40.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}