Multiple TRUMPF TruTops products security bypass | CVE-2022-1300

May 4, 2022

NAME

Multiple TRUMPF TruTops products security bypass

  • Platforms Affected:
    TRUMPF TruTops Boost 13.05
    TRUMPF TruTops Boost 13.08.21
    TRUMPF TruTops Fab 22.05
    TRUMPF TruTops Fab 22.08.21
    TRUMPF TruTops Monitor 22.05
    TRUMPF TruTops Monitor 22.08.21
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Bypass Security

DESCRIPTION

Multiple TRUMPF TruTops products could allow a remote attacker to bypass security restrictions, caused by missing authentication for critical function. By sending a specially-crafted request, an attacker could exploit this vulnerability to change of data or disruption of the whole service.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to TRUMPF Web site for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://cert.vde.com/en/advisories/VDE-2022-016/
  • Reference Link:
    https://files.trumpf.com/w/LmhlkCA74heAIdS4GvJDDHqirMU0dpXbTRr7Erw8CXBvQ

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

Cobalt Strike

Cobalt Strike Beacon Detected – 156[.]238[.]227[.]43:80

November 11, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 8[.]134[.]166[.]14:443

November 11, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 123[.]57[.]209[.]214:1234

November 11, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 107[.]174[.]115[.]223:2087

November 11, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 101[.]35[.]2[.]21:80

November 11, 2024