Share: Email | Twitter

ID

VDE-2022-049

Published

2022-11-07 12:43 (CET)

Last update

2022-11-07 12:43 (CET)

Vendor(s)

TRUMPF Laser GmbH

Product(s)

Article No° Product Name Affected Version(s)
TruControl in redpowerDirect 1.60.0 <= 3.40.0
TruControl in TruDiode 1.60.0 <= 3.40.0
TruControl in TruDisk 1.60.0 <= 3.40.0
TruControl in TruFiber 1.60.0 <= 3.40.0
TruControl in TruMicro2000 1.60.0 <= 3.40.0
TruControl in TruMicro5000 1.60.0 <= 3.40.0
TruControl in TruMicro6000 1.60.0 <= 3.40.0
TruControl in TruMicro7000 1.60.0 <= 3.40.0
TruControl in TruMicro8000 1.60.0 <= 3.40.0
TruControl in TruMicro9000 1.60.0 <= 3.40.0
TruControl in TruPulse 1.60.0 <= 3.40.0

Summary

TruControl laser control software from versions 1.60.0 to 3.40.0 use a vulnerable  X.Org server versions. The affected X.Org vulnerability is not validating the request length properly for the handler “ProcXkbSetGeometry”. An authenticated Attacker could craft a request which could lead to memory out-of bounds write.

Vulnerabilities



Last Update
30. August 2024 09:28
Weakness
Improper Protection for Out of Bounds Signal Level Alerts (CWE-1320)
Summary

A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

Last Update
30. August 2024 09:28
Weakness
Out-of-bounds Write (CWE-787)
Summary

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.

Impact

When logged on to the system the privilege escalation vulnerability can be exploited with following possible impacts/damages to the system:

  • Data loss in the laser control
  • Standstill of production
  • Damage by change of the laser control

Safety is not affected since it is controlled by an independent electromechanical safety mechanism.

Remote Code Execution as one of the mentioned impacts in the vulnerability description of CVE-2022-2320 is not possible since no SSH Forwarding is used.

Solution

Mitigation

Securing the access to the production network.

Please contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 3.42.0 of the new TruControl software version.

Remediation

Retrieve instructions on how to deactivate the ssh access or activate the firewall on port 22 (SSH) of your laser.

Reported by

CERT@VDE coordinated with TRUMPF Laser GmbH

Jan-Niklas Sohn working with Trend Micro Zero Day Initiative reported the vulnerability.