TRUMPF: Multiple products contain vulnerable version of 7-zip

VDE-2024-005
Last update: 05.06.2025 15:28
Published at: 23.01.2024 08:00
Vendor(s): Trumpf SE + Co. KG
External ID: VDE-2024-005

Summary

Under certain circumstances, opening a specially crafted 7-zip package can trigger an integer underflow vulnerability in 7-zip versions up to and including 22.x.

This vulnerability allows remote code execution, resulting in unauthorized (remote) access to data, modification of data, or disruption of the whole service.

Impact

The stated TRUMPF products include a vulnerable version of 7-zip which can be exploited to take over the server they're installed on. This can impact confidentiality, integrity and availability of information on the affected system.

Affected Product(s)

Product name                      Affected versions
Boost                             <=V16.5
FAB (Storage)                     <=V22.7
FAB-Boost mixed installation      <=V22.7
Oseon (Storage)                   <=V3.2
Oseon-Boost mixed installation    <=V3.5
TruTops Cell                      <=V2.31.0
TruTops Classic                   <=V12.1
TruTops Mark                      <=V6.2

Vulnerabilities

Published: 22.09.2025 14:57
Weakness: Integer Underflow (Wrap or Wraparound) (CWE-191)
Summary: Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
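
To find bundled 7-Zip binaries older than 23.00 on a host or a mounted disk image, the following added example (not part of the TRUMPF advisory or of 7-Zip) reads the file version from each binary's PE version resource. The file-name list and the scan root are assumptions, and the signature search is a heuristic.

```python
import struct
import sys
from pathlib import Path

# VS_FIXEDFILEINFO.dwSignature (0xFEEF04BD), little-endian as stored in a PE file.
SIGNATURE = struct.pack("<I", 0xFEEF04BD)
STRUC_VERSION = 0x00010000   # dwStrucVersion, used to reject chance matches
FIXED = (23, 0)              # per the advisory: 7-Zip before 23.00 is affected
# Assumption: names under which 7-Zip binaries are commonly shipped.
NAMES = {"7z.dll", "7z.exe", "7za.exe", "7za.dll", "7zr.exe", "7zg.exe", "7zfm.exe"}


def file_version(data):
    """Return (major, minor) from the first valid VS_FIXEDFILEINFO, or None."""
    pos = data.find(SIGNATURE)
    while pos >= 0:
        if pos + 16 <= len(data):
            # dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
            _, struc, ms, _ = struct.unpack_from("<4I", data, pos)
            if struc == STRUC_VERSION:
                return ms >> 16, ms & 0xFFFF
        pos = data.find(SIGNATURE, pos + 1)
    return None


def classify(version):
    """'unknown' means no version resource was found; review the file by hand."""
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED else "ok"


def scan(root):
    """Walk root and return (path, version, verdict) for every 7-Zip binary name."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.name.lower() in NAMES and path.is_file():
            try:
                version = file_version(path.read_bytes())
            except OSError:          # unreadable file: report it, do not skip it
                version = None
            findings.append((str(path), version, classify(version)))
    return findings


if __name__ == "__main__":
    for path, version, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = "%d.%02d" % version if version else "?"
        print(f"{verdict:10} {shown:>6}  {path}")
```

Run it with the installation directory of the affected product as the argument; files reported as "unknown" carry no readable version resource and need manual review.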

Remediation

Please download the replacement tool.
For additional questions please contact your TRUMPF Service with the PR number 501709.

Revision History

Version    Date                Summary
1          23.01.2024 08:00    Initial revision.
2          05.06.2025 15:28    Fix: quotation mark