CVE-2022-2052

Summary

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.

Affected Software

VendorProductVersion RangeStatus
TRUMPF Werkzeugmaschinen SE + Co. KGTruTops MonitorAll Versionsaffected
TRUMPF Werkzeugmaschinen SE + Co. KGTruTops FabAll Versionsaffected
TRUMPF Werkzeugmaschinen SE + Co. KGOseonunspecified <= 1.6affected
TRUMPF Werkzeugmaschinen SE + Co. KGJob Order InterfaceAll Versionsaffected
TRUMPF Werkzeugmaschinen SE + Co. KGTruTops Boost with option Inventory of sheets and remainder sheetsAll Versionsaffected
TRUMPF Werkzeugmaschinen SE + Co. KGTruTops Boost with option Graphic separation of cut partsAll Versionsaffected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References