TRUMPF: TruTops Fab, TruTops Boost prone to vulnerability

VDE-2022-016
Last update: 05/02/2022 12:00
Published at: 05/02/2022 12:00
Vendor(s): Trumpf SE + Co. KG
External ID: VDE-2022-016

Summary

A service function in the stated TRUMPF products is exposed without the necessary authentication. Execution of this function may result in unauthorized access to data, modification of data, or disruption of the whole service.

Impact

The stated TRUMPF products implement a newly introduced service function that enables functionality intentionally restricted to service technicians via network access. Using this function without authentication, an attacker connected to the network could execute several commands on the host computer using elevated privileges.

Affected Product(s)

Product name      Affected versions
TruTops Boost     V13.01<=V13.05.
TruTops Boost     V13.08.21
TruTops Fab       V22.01.<=V22.05.
TruTops Fab       V22.08.21
TruTops Monitor   V22.01.<=V22.05.
TruTops Monitor   V22.08.21

Vulnerabilities

Published: 09/22/2025 14:58
Weakness: Missing Authentication for Critical Function (CWE-306)
Summary

Multiple versions of TRUMPF TruTops products expose a service function without the necessary authentication. Execution of this function may result in unauthorized access to data, modification of data, or disruption of the whole service.

Remediation

Use the updated versions of the TRUMPF products, which will be available via your service channel shortly, or the hotfix available at the following link: files.trumpf.com/w/LmhlkCA74heAIdS4Gv...

Revision History

Version Date Summary
1 05/02/2022 12:00 Initial revision.