Advisories

For CVSS 2.0, 3.0 and 3.2
VDE-2025-078
Aug. 29, 2025, 12:00 p.m.
The TRUMPF remote support infrastructure selects an outdated encryption algorithm when setting up communication channels for machines. This cannot be prevented for old machines. For most machines it is possible …
VDE-2024-004
May 22, 2025, 3:03 p.m.
The versions of TRUMPF products stated below include a version of log4net that is prone to XXE (XML External Entity) attacks under certain circumstances. This means the log4net code can …
VDE-2024-040
April 10, 2025, 3:00 p.m.
TruControl laser control software prior to version 1.60.0 uses an OpenSSH server version affected by CVE-2024-6387. The affected OpenSSH server version could potentially lead to remote code execution.
VDE-2024-034
April 10, 2025, 3:00 p.m.
TruControl laser control software from versions 3.50.0 to 4.00.0.B uses Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.
VDE-2024-001
Jan. 29, 2024, 8:00 a.m.
The TRUMPF CAD/CAM software tools mentioned above use the vulnerable CodeMeter Runtime (up to version 7.60d) application from WIBU-SYSTEMS AG to manage licenses within the component TRUMPF License Expert. This …
VDE-2024-003
May 22, 2025, 3:03 p.m.
The TRUMPF products that are listed above contain a vulnerable version of Notepad++. This version is being installed for support purposes only, so there is no danger of triggering this vulnerability …
VDE-2024-005
June 5, 2025, 3:28 p.m.
Under certain circumstances, opening a specially crafted 7-zip package can exploit an integer underflow vulnerability in 7-zip versions up to and including 22.x. This vulnerability allows for a remote code …
VDE-2024-006
Jan. 23, 2024, 8:00 a.m.
Multiple vulnerabilities in the included versions of OpenSSL can lead to different problems, including crashes of the OpenSSL modules (leading to a Denial of Service) or leakage of plaintext. These …