CVE-2022-1300

Published: May 2, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

Affected (6)

Products: Trumpf: Trutops Boost, Trutops Fab, Trutops Monitor

3 products

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Trumpf Trutops Boost	From 13.01 to 13.05
Trumpf Trutops Boost	Version 13.08.21
Trumpf Trutops Fab	From 22.01 to 22.05
Trumpf Trutops Fab	Version 22.08.21
Trumpf Trutops Monitor	From 22.01 to 22.05
Trumpf Trutops Monitor	Version 22.08.21

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://cert.vde.com/en/advisories/VDE-2022-016/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-016/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.