CVE-2022-1300 - OpenCVE

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Trumpf	Trutops Fab Trutops Boost Trutops Monitor

Configuration 1 [-]

OR	cpe:2.3:a:trumpf:trutops_boost::::::::
	cpe:2.3:a:trumpf:trutops_boost:13.08.21:::::::*
	cpe:2.3:a:trumpf:trutops_fab::::::::
	cpe:2.3:a:trumpf:trutops_fab:22.08.21:::::::*
	cpe:2.3:a:trumpf:trutops_monitor::::::::
	cpe:2.3:a:trumpf:trutops_monitor:22.08.21:::::::*

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2022-016/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-05-02T00:00:00

Updated: 2022-05-02T10:20:09

Reserved: 2022-04-11T00:00:00

Link: CVE-2022-1300

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-02T12:16:26.433

Modified: 2022-05-09T18:58:23.630

Link: CVE-2022-1300

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"containers": {"cna": {"affected": [{"product": "TruTops Boost", "vendor": "TRUMPF", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "V13.01", "versionType": "custom"}, {"lessThanOrEqual": "V13.05", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "V13.08.21"}]}, {"product": "TruTops Fab (incl. TruTops Monitor)", "vendor": "TRUMPF", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "V22.01.", "versionType": "custom"}, {"lessThanOrEqual": "V22.05.", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "V22.08.21"}]}], "datePublic": "2022-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T10:20:09", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}], "solutions": [{"lang": "en", "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."}], "source": {"advisory": "VDE-2022-016", "defect": ["CERT@VDE#64101"], "discovery": "INTERNAL"}, "title": "Missing authentication in TRUMPF products may result in corruption of data", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-05-02T10:00:00.000Z", "ID": "CVE-2022-1300", "STATE": "PUBLIC", "TITLE": "Missing authentication in TRUMPF products may result in corruption of data"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TruTops Boost", "version": {"version_data": [{"version_affected": ">=", "version_value": "V13.01"}, {"version_affected": "<=", "version_value": "V13.05"}, {"version_affected": "=", "version_value": "V13.08.21"}]}}, {"product_name": "TruTops Fab (incl. TruTops Monitor)", "version": {"version_data": [{"version_affected": ">=", "version_value": "V22.01."}, {"version_affected": "<=", "version_value": "V22.05."}, {"version_affected": "=", "version_value": "V22.08.21"}]}}]}, "vendor_name": "TRUMPF"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en/advisories/VDE-2022-016/", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}]}, "solution": [{"lang": "en", "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."}], "source": {"advisory": "VDE-2022-016", "defect": ["CERT@VDE#64101"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-1300", "datePublished": "2022-05-02T00:00:00", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2022-05-02T10:20:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trumpf:trutops_boost:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3BBFC27-AE59-4232-99AA-183E9B4309DB", "versionEndIncluding": "13.05", "versionStartIncluding": "13.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_boost:13.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "9189E82C-EE99-42CA-AF41-3F9FC6809DDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_fab:*:*:*:*:*:*:*:*", "matchCriteriaId": "60159EAB-0C92-4A26-A099-D6C2379E1054", "versionEndIncluding": "22.05", "versionStartIncluding": "22.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_fab:22.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "74EC4E85-27E9-4F18-8A85-0C93573F4DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B86EF581-7BB8-4D87-A8EC-7A16BAAF065E", "versionEndIncluding": "22.05", "versionStartIncluding": "22.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_monitor:22.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "04B80E74-C2DB-4A52-B2F2-4A8406A0D8A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}, {"lang": "es", "value": "Varias versiones de los productos TRUMPF TruTops exponen una funci\u00f3n de servicio sin la autenticaci\u00f3n necesaria. La ejecuci\u00f3n de esta funci\u00f3n puede resultar en un acceso no autorizado a la modificaci\u00f3n de datos o a la interrupci\u00f3n de todo el servicio"}], "id": "CVE-2022-1300", "lastModified": "2022-05-09T18:58:23.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2022-05-02T12:16:26.433", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}]}