TRUMPF TruTops prone to improper access control

VDE-2022-023

Last update

17.10.2022 12:00

Published at

17.10.2022 12:00

Vendor(s)

Trumpf SE + Co. KG

External ID

VDE-2022-023

CSAF Document

Download

Summary

During the installation of specific TRUMPF Windows applications, privileged local users with default usernames and passwords are created. An adversary could use these users to access and compromise the affected Windows systems and, under certain circumstances, other network resources.

Impact

Privileged local users with default usernames and passwords can be used to access and compromise affected Windows PCs and possibly other network resources.

Affected Product(s)

Model no.	Product name	Affected versions
	Job Order Interface	Firmware vers:all/*
	Oseon	Firmware <=1.6
	TruTops Boost with option Graphic separation of cut parts	Firmware vers:all/*
	TruTops Boost with option Inventory of sheets and remainder sheets	Firmware vers:all/*
	TruTops Fab	Firmware vers:all/*
	TruTops Monitor	Firmware vers:all/*

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:58

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Access Control (CWE-284)

References

cve.org | nvd.nist.gov

Remediation

Please contact your TRUMPF Service with the PR number 496330.

Revision History

Version	Date	Summary
1	17.10.2022 12:00	initial revision