CVE-2022-1300 - OpenCVE

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Trumpf	Trutops Boost Trutops Fab Trutops Monitor

Configuration 1 [-]

OR	cpe:2.3:a:trumpf:trutops_boost::::::::
	cpe:2.3:a:trumpf:trutops_boost:13.08.21:::::::*
	cpe:2.3:a:trumpf:trutops_fab::::::::
	cpe:2.3:a:trumpf:trutops_fab:22.08.21:::::::*
	cpe:2.3:a:trumpf:trutops_monitor::::::::
	cpe:2.3:a:trumpf:trutops_monitor:22.08.21:::::::*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2022-016/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2022-05-02T10:20:09.499479Z

Updated: 2024-09-17T01:05:59.399Z

Reserved: 2022-04-11T00:00:00

Link: CVE-2022-1300

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-02T12:16:26.433

Modified: 2022-05-09T18:58:23.630

Link: CVE-2022-1300

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TruTops Boost", "vendor": "TRUMPF", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "V13.01", "versionType": "custom"}, {"lessThanOrEqual": "V13.05", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "V13.08.21"}]}, {"product": "TruTops Fab (incl. TruTops Monitor)", "vendor": "TRUMPF", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "V22.01.", "versionType": "custom"}, {"lessThanOrEqual": "V22.05.", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "V22.08.21"}]}], "datePublic": "2022-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T10:20:09", "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}], "solutions": [{"lang": "en", "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."}], "source": {"advisory": "VDE-2022-016", "defect": ["CERT@VDE#64101"], "discovery": "INTERNAL"}, "title": "Missing authentication in TRUMPF products may result in corruption of data", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@cert.vde.com", "DATE_PUBLIC": "2022-05-02T10:00:00.000Z", "ID": "CVE-2022-1300", "STATE": "PUBLIC", "TITLE": "Missing authentication in TRUMPF products may result in corruption of data"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TruTops Boost", "version": {"version_data": [{"version_affected": ">=", "version_value": "V13.01"}, {"version_affected": "<=", "version_value": "V13.05"}, {"version_affected": "=", "version_value": "V13.08.21"}]}}, {"product_name": "TruTops Fab (incl. TruTops Monitor)", "version": {"version_data": [{"version_affected": ">=", "version_value": "V22.01."}, {"version_affected": "<=", "version_value": "V22.05."}, {"version_affected": "=", "version_value": "V22.08.21"}]}}]}, "vendor_name": "TRUMPF"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-306 Missing Authentication for Critical Function"}]}]}, "references": {"reference_data": [{"name": "https://cert.vde.com/en/advisories/VDE-2022-016/", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}]}, "solution": [{"lang": "en", "value": "Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix in the reference."}], "source": {"advisory": "VDE-2022-016", "defect": ["CERT@VDE#64101"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:55:24.553Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}]}]}, "cveMetadata": {"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "assignerShortName": "CERTVDE", "cveId": "CVE-2022-1300", "datePublished": "2022-05-02T10:20:09.499479Z", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-09-17T01:05:59.399Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trumpf:trutops_boost:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3BBFC27-AE59-4232-99AA-183E9B4309DB", "versionEndIncluding": "13.05", "versionStartIncluding": "13.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_boost:13.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "9189E82C-EE99-42CA-AF41-3F9FC6809DDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_fab:*:*:*:*:*:*:*:*", "matchCriteriaId": "60159EAB-0C92-4A26-A099-D6C2379E1054", "versionEndIncluding": "22.05", "versionStartIncluding": "22.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_fab:22.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "74EC4E85-27E9-4F18-8A85-0C93573F4DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "B86EF581-7BB8-4D87-A8EC-7A16BAAF065E", "versionEndIncluding": "22.05", "versionStartIncluding": "22.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:trumpf:trutops_monitor:22.08.21:*:*:*:*:*:*:*", "matchCriteriaId": "04B80E74-C2DB-4A52-B2F2-4A8406A0D8A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service."}, {"lang": "es", "value": "Varias versiones de los productos TRUMPF TruTops exponen una funci\u00f3n de servicio sin la autenticaci\u00f3n necesaria. La ejecuci\u00f3n de esta funci\u00f3n puede resultar en un acceso no autorizado a la modificaci\u00f3n de datos o a la interrupci\u00f3n de todo el servicio"}], "id": "CVE-2022-1300", "lastModified": "2022-05-09T18:58:23.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2022-05-02T12:16:26.433", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-016/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}]}