CVE-2022-2052

Published: Oct 17, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.

Affected (5)

Products: Trumpf: Job Order Interface, Oseon, Trutops Boost, Trutops Fab, Trutops Monitor

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Trumpf Job Order Interface	All versions
Trumpf Oseon	Up to 1.6
Trumpf Trutops Boost	All versions
Trumpf Trutops Fab	All versions
Trumpf Trutops Monitor	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://cert.vde.com/en/advisories/VDE-2022-023/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-023/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.