
ID: VDE-2021-011

Published: 2021-03-22 09:59 (CET)

Last update: 2021-03-22 09:59 (CET)

Vendor(s): TRUMPF Laser GmbH

Product(s)

Article No°   Product Name     Affected Version(s)
              redpowerDirect   2.14.0 <= 3.14.0
              TruDiode         2.14.0 <= 3.14.0
              TruDisk          2.14.0 <= 3.14.0
              TruFiber         2.14.0 <= 3.14.0
              TruMicro2000     2.14.0 <= 3.14.0
              TruMicro5000     2.14.0 <= 3.14.0
              TruMicro6000     2.14.0 <= 3.14.0
              TruMicro7000     2.14.0 <= 3.14.0
              TruMicro8000     2.14.0 <= 3.14.0
              TruMicro9000     2.14.0 <= 3.14.0
              TruPulse         2.14.0 <= 3.14.0

(No article numbers are listed in the advisory. "2.14.0 <= 3.14.0" denotes the version range from 2.14.0 up to and including 3.14.0.)

Summary

TruControl laser control software versions 2.14.0 through 3.14.0 ship sudo versions affected by CVE-2021-3156. The affected sudo contains a heap-based buffer overflow that allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.


Weakness

Off-by-one Error (CWE-193)

Summary

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Impact

To exploit this vulnerability, an attacker first needs some form of user access to the system.

Once logged on to the system, the privilege escalation vulnerability can be exploited with the following possible impacts on the system:

  • Data loss in the laser control
  • Standstill of production
  • Damage caused by changes to the laser control

Safety is not affected since it is controlled by an independent electromechanical safety mechanism.

Solution

  • Update to TruControl version 3.16.0 or higher, or
  • Contact your service partner (service.tls@trumpf.com) for instructions on how to obtain the patch
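The following inventory check is an added example and is not code from TRUMPF or CERT@VDE. It implements the two version tests the advisory states: an installed sudo older than 1.9.5p2 is affected by CVE-2021-3156, and a TruControl version in the range 2.14.0 to 3.14.0 inclusive ships such a sudo. It assumes `sudo --version` prints a first line of the form "Sudo version X.Y.Z" (optionally with a "pN" patch level), and it takes the TruControl version as an argument because the advisory names no command for reading it.

```shell
#!/bin/sh
# Added example: version checks for VDE-2021-011 / CVE-2021-3156.
# Not vendor code. Reports only; it does not touch sudo or the laser control.

# Print a version as four numeric fields: "1.9.5p2" -> "1 9 5 2", "1.8.31" -> "1 8 31 0".
# Runs in a subshell so the IFS change does not leak to the caller.
ver_fields() (
    v=$1
    case $v in
        *p*) base=${v%p*}; patch=${v##*p} ;;   # split off the "pN" patch level
        *)   base=$v;      patch=0 ;;          # no patch level counts as 0
    esac
    IFS=.
    set -- $base
    printf '%d %d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$patch"
)

# ver_lt A B: exit 0 if version A is strictly lower than version B, 1 otherwise.
ver_lt() {
    set -- $(ver_fields "$1") $(ver_fields "$2")   # $1..$4 = A, $5..$8 = B
    while [ $# -gt 4 ]; do
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift   # advances both A and B by one field
    done
    return 1   # all fields equal
}

# Sudo before 1.9.5p2 is affected (as stated in the advisory).
sudo_affected() {
    ver_lt "$1" 1.9.5p2
}

# TruControl 2.14.0 <= version <= 3.14.0 is listed as affected; 3.16.0 or higher is the fix.
# Versions between 3.14.0 and 3.16.0 are not listed either way; confirm those with the vendor.
trucontrol_affected() {
    ! ver_lt "$1" 2.14.0 && ! ver_lt 3.14.0 "$1"
}

# Extract the version from the first line of "sudo --version" (assumed format: "Sudo version 1.8.31").
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Human-readable report; TruControl version is passed in by the operator (hypothetical usage).
report() {
    sv=$(installed_sudo_version)
    if [ -z "$sv" ]; then
        echo "sudo: not found or version not parseable"
    elif sudo_affected "$sv"; then
        echo "sudo $sv: AFFECTED by CVE-2021-3156 (needs 1.9.5p2 or later)"
    else
        echo "sudo $sv: not affected"
    fi
    if [ -n "${1:-}" ]; then
        if trucontrol_affected "$1"; then
            echo "TruControl $1: AFFECTED per VDE-2021-011, update to 3.16.0 or higher"
        else
            echo "TruControl $1: not in the affected range"
        fi
    fi
}
```

Run it on the control PC as `sh check.sh 3.2.0` (replace 3.2.0 with the installed TruControl version); `report` prints one line per check. The comparison deliberately parses the "pN" patch suffix as a fourth numeric field, so 1.9.5p1 sorts below 1.9.5p2 while a bare 1.9.5 sorts below both.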

Reported by

CVE-2021-3156 was found by Qualys Research Labs.

TRUMPF reported this advisory to CERT@VDE.