Vulnerabilites related to trumpf - oseon
Vulnerability from fkie_nvd
Published
2023-09-13 14:15
Modified
2024-11-21 08:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wibu:codemeter_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F783582-7E13-457E-96E9-8FD2D58580F5",
"versionEndExcluding": "7.60c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCF0613-5F59-4DAA-9DDB-A9322892353A",
"versionEndIncluding": "3.0.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:programmingtube:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9648C643-3213-4D0B-A3E0-6C4A092E8DAE",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:teczonebend:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56F0DB5E-5F18-4DA4-9488-242351FE5994",
"versionEndIncluding": "23.06.01",
"versionStartIncluding": "18.02.r8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tops_unfold:05.03.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "926A92BB-2001-4176-9F73-F7F40F4D58CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:topscalculation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "903A6767-5E6D-4E98-A756-A3FC99BAF13F",
"versionEndIncluding": "22.00.00",
"versionStartIncluding": "14.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trumpflicenseexpert:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F8DF4D-3C69-4117-88A4-9C0F6838C7DD",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8360F8C5-1F88-420F-91B2-C75EC8A97A0C",
"versionEndIncluding": "12.01.00.00",
"versionStartIncluding": "08.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3240055F-E26E-4BE9-89A9-D50A6FA5E8F1",
"versionEndIncluding": "09.09.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_cell_sw48:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD0343C-7A91-4CF7-B70B-CB2569FFE679",
"versionEndIncluding": "02.26.0",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_mark_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6D30E6-031C-4104-A573-2FD3773E1CDF",
"versionEndIncluding": "06.01",
"versionStartIncluding": "01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsboost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B55ED3C4-B111-4A8C-BB9F-A50FCCC38432",
"versionEndIncluding": "16.0.22",
"versionStartIncluding": "06.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4180D87-1915-4868-9328-D310282DD7C4",
"versionEndIncluding": "22.8.25",
"versionStartIncluding": "15.00.23.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsfab_storage_smallstore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7823FE-A87C-494B-AB35-AB2830884282",
"versionEndIncluding": "20.04.20.00",
"versionStartIncluding": "14.06.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A257AA96-76DA-47CC-A3BA-3CCFB719C62E",
"versionEndIncluding": "01.00",
"versionStartIncluding": "00.06.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsprintmultilaserassistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607CE0A6-C1CB-4B30-A7C7-FFEDF8DB0DA1",
"versionStartIncluding": "01.02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutopsweld:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1561DCB8-AEAF-45A8-9F6F-EEB6A49452C9",
"versionEndIncluding": "9.0.28148.1",
"versionStartIncluding": "7.0.198.241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:tubedesign:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D88C313D-95E2-44EA-A895-F4CA659A5846",
"versionEndIncluding": "14.06.150",
"versionStartIncluding": "08.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phoenixcontact:activation_wizard:*:*:*:*:*:moryx:*:*",
"matchCriteriaId": "E8198A71-1EA7-4DAC-8D4F-EB646A0DC635",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:e-mobility_charging_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2B109F-41E0-4CC9-9F9F-F1AD06E1EA77",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:fl_network_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8751F63-3D03-434A-BF4E-67320F6672FD",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:iol-conf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "907E5EB3-8346-4371-9CFF-0F885CC0529E",
"versionEndIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9659319-4AEC-4112-9EAC-7892C0A37AA8",
"versionEndExcluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:module_type_package_designer:1.2.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "BB44DD6D-7685-4346-91BC-30CB9531982A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phoenixcontact:plcnext_engineer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "170FABD2-23D5-4885-AA09-B4130F945564",
"versionEndIncluding": "2023.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en el servicio de red Wibu CodeMeter Runtime hasta la versi\u00f3n 7.60b permite a un atacante remoto no autenticado lograr RCE y obtener acceso completo al sistema anfitri\u00f3n."
}
],
"id": "CVE-2023-3935",
"lastModified": "2024-11-21T08:18:21.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2023-09-13T14:15:09.147",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-17 09:15
Modified
2024-11-21 07:00
Severity ?
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-023/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-023/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trumpf | job_order_interface | * | |
| trumpf | oseon | * | |
| trumpf | trutops_boost | * | |
| trumpf | trutops_fab | * | |
| trumpf | trutops_monitor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trumpf:job_order_interface:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23618C14-F7A5-46D5-9861-1439F197622A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:oseon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "806F1D17-51DF-431D-B34B-7EC4FA7D5873",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_boost:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE4279B-0D8E-4B0E-8D38-A3AF0C90A0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_fab:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F57117-C6A3-426E-9AE9-E47596BB0E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trumpf:trutops_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5114C779-4A9D-4F09-AFBD-42DB013E063A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
},
{
"lang": "es",
"value": "Varios productos de Trumpf en m\u00faltiples versiones usan usuarios y contrase\u00f1as privilegiados de Windows por defecto. Un adversario puede usar estas cuentas para conseguir acceso completo al sistema de forma remota"
}
],
"id": "CVE-2022-2052",
"lastModified": "2024-11-21T07:00:14.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2022-10-17T09:15:12.150",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-3935 (GCVE-0-2023-3935)
Vulnerability from cvelistv5
Published
2023-09-13 13:19
Modified
2025-05-01 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Wibu | CodeMeter Runtime |
Version: 0.0 < |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": ""
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T03:55:09.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"lessThanOrEqual": "7.60b",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "CodeMeter Runtime",
"vendor": "Wibu",
"versions": [
{
"status": "unaffected",
"version": "7.21g"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"value": "A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T07:00:20.911Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-230704-01-v3.0.pdf"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-031/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-030/"
}
],
"source": {
"defect": [
"CERT@VDE#64566"
],
"discovery": "UNKNOWN"
},
"title": "Wibu: Buffer Overflow in CodeMeter Runtime",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-3935",
"datePublished": "2023-09-13T13:19:18.392Z",
"dateReserved": "2023-07-25T13:02:40.206Z",
"dateUpdated": "2025-05-01T03:55:09.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2052 (GCVE-0-2022-2052)
Vulnerability from cvelistv5
Published
2022-10-17 08:20
Modified
2025-05-10 02:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | TRUMPF Werkzeugmaschinen SE + Co. KG | TruTops Monitor |
Version: All Versions |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-10T02:57:27.303845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-10T02:57:40.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TruTops Monitor",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Fab",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "Oseon",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Job Order Interface",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Inventory of sheets and remainder sheets",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "TruTops Boost with option Graphic separation of cut parts",
"vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"datePublic": "2022-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
}
],
"source": {
"advisory": "VDE-2022-023",
"defect": [
"CERT@VDE#64131"
],
"discovery": "INTERNAL"
},
"title": "TRUMPF TruTops default user accounts vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-2052",
"datePublished": "2022-10-17T08:20:11.346Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2025-05-10T02:57:40.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}