Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for trutops_monitor by trumpf

    CVE-2022-2052 (GCVE-0-2022-2052)

    Vulnerability from nvd – Published: 2022-10-17 08:20 – Updated: 2025-05-10 02:57
    VLAI
    Title
    TRUMPF TruTops default user accounts vulnerability
    Summary
    Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2022-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-10T02:57:27.303845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-10T02:57:40.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Monitor",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Fab",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "Oseon",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Job Order Interface",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Inventory of sheets and remainder sheets",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Graphic separation of cut parts",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            }
          ],
          "datePublic": "2022-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-023",
            "defect": [
              "CERT@VDE#64131"
            ],
            "discovery": "INTERNAL"
          },
          "title": "TRUMPF TruTops default user accounts vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-2052",
        "datePublished": "2022-10-17T08:20:11.346Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2025-05-10T02:57:40.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1300 (GCVE-0-2022-1300)

    Vulnerability from nvd – Published: 2022-05-02 10:20 – Updated: 2024-09-17 01:05
    VLAI
    Title
    Missing authentication in TRUMPF products may result in corruption of data
    Summary
    Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    TRUMPF TruTops Boost Affected: V13.01 , < unspecified (custom)
    Affected: unspecified , ≤ V13.05 (custom)
    Affected: V13.08.21
    Create a notification for this product.
    TRUMPF TruTops Fab (incl. TruTops Monitor) Affected: V22.01. , < unspecified (custom)
    Affected: unspecified , ≤ V22.05. (custom)
    Affected: V22.08.21
    Create a notification for this product.
    Date Public
    2022-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Boost",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V13.01",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V13.05",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V13.08.21"
                }
              ]
            },
            {
              "product": "TruTops Fab (incl. TruTops Monitor)",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V22.01.",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V22.05.",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V22.08.21"
                }
              ]
            }
          ],
          "datePublic": "2022-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T10:20:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
            }
          ],
          "source": {
            "advisory": "VDE-2022-016",
            "defect": [
              "CERT@VDE#64101"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Missing authentication in TRUMPF products may result in corruption of data",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-05-02T10:00:00.000Z",
              "ID": "CVE-2022-1300",
              "STATE": "PUBLIC",
              "TITLE": "Missing authentication in TRUMPF products may result in corruption of data"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TruTops Boost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V13.01"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V13.05"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V13.08.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TruTops Fab (incl. TruTops Monitor)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V22.01."
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V22.05."
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V22.08.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TRUMPF"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-016/",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
              }
            ],
            "source": {
              "advisory": "VDE-2022-016",
              "defect": [
                "CERT@VDE#64101"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-1300",
        "datePublished": "2022-05-02T10:20:09.499Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:05:59.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2052 (GCVE-0-2022-2052)

    Vulnerability from cvelistv5 – Published: 2022-10-17 08:20 – Updated: 2025-05-10 02:57
    VLAI
    Title
    TRUMPF TruTops default user accounts vulnerability
    Summary
    Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Date Public
    2022-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:24:44.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-10T02:57:27.303845Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-10T02:57:40.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Monitor",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Fab",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "Oseon",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "lessThanOrEqual": "1.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Job Order Interface",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Inventory of sheets and remainder sheets",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "product": "TruTops Boost with option Graphic separation of cut parts",
              "vendor": "TRUMPF Werkzeugmaschinen SE + Co. KG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            }
          ],
          "datePublic": "2022-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2022-023/"
            }
          ],
          "source": {
            "advisory": "VDE-2022-023",
            "defect": [
              "CERT@VDE#64131"
            ],
            "discovery": "INTERNAL"
          },
          "title": "TRUMPF TruTops default user accounts vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-2052",
        "datePublished": "2022-10-17T08:20:11.346Z",
        "dateReserved": "2022-06-10T00:00:00.000Z",
        "dateUpdated": "2025-05-10T02:57:40.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1300 (GCVE-0-2022-1300)

    Vulnerability from cvelistv5 – Published: 2022-05-02 10:20 – Updated: 2024-09-17 01:05
    VLAI
    Title
    Missing authentication in TRUMPF products may result in corruption of data
    Summary
    Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    TRUMPF TruTops Boost Affected: V13.01 , < unspecified (custom)
    Affected: unspecified , ≤ V13.05 (custom)
    Affected: V13.08.21
    Create a notification for this product.
    TRUMPF TruTops Fab (incl. TruTops Monitor) Affected: V22.01. , < unspecified (custom)
    Affected: unspecified , ≤ V22.05. (custom)
    Affected: V22.08.21
    Create a notification for this product.
    Date Public
    2022-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.553Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TruTops Boost",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V13.01",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V13.05",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V13.08.21"
                }
              ]
            },
            {
              "product": "TruTops Fab (incl. TruTops Monitor)",
              "vendor": "TRUMPF",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "V22.01.",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "V22.05.",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "V22.08.21"
                }
              ]
            }
          ],
          "datePublic": "2022-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T10:20:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
            }
          ],
          "source": {
            "advisory": "VDE-2022-016",
            "defect": [
              "CERT@VDE#64101"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Missing authentication in TRUMPF products may result in corruption of data",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-05-02T10:00:00.000Z",
              "ID": "CVE-2022-1300",
              "STATE": "PUBLIC",
              "TITLE": "Missing authentication in TRUMPF products may result in corruption of data"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TruTops Boost",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V13.01"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V13.05"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V13.08.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TruTops Fab (incl. TruTops Monitor)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "V22.01."
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "V22.05."
                              },
                              {
                                "version_affected": "=",
                                "version_value": "V22.08.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TRUMPF"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306 Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-016/",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."
              }
            ],
            "source": {
              "advisory": "VDE-2022-016",
              "defect": [
                "CERT@VDE#64101"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-1300",
        "datePublished": "2022-05-02T10:20:09.499Z",
        "dateReserved": "2022-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:05:59.399Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }