|Article No°||Product Name||Affected Version(s)|
|TruControl in redpowerDirect||1.60.0 <= 3.40.0|
|TruControl in TruDiode||1.60.0 <= 3.40.0|
|TruControl in TruDisk||1.60.0 <= 3.40.0|
|TruControl in TruFiber||1.60.0 <= 3.40.0|
|TruControl in TruMicro2000||1.60.0 <= 3.40.0|
|TruControl in TruMicro5000||1.60.0 <= 3.40.0|
|TruControl in TruMicro6000||1.60.0 <= 3.40.0|
|TruControl in TruMicro7000||1.60.0 <= 3.40.0|
|TruControl in TruMicro8000||1.60.0 <= 3.40.0|
|TruControl in TruMicro9000||1.60.0 <= 3.40.0|
|TruControl in TruPulse||1.60.0 <= 3.40.0|
TruControl laser control software from versions 1.60.0 to 3.40.0 use a vulnerable X.Org server versions. The affected X.Org vulnerability is not validating the request length properly for the handler “ProcXkbSetGeometry”. An authenticated Attacker could craft a request which could lead to memory out-of bounds write.
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.
When logged on to the system the privilege escalation vulnerability can be exploited with following possible impacts/damages to the system:
Safety is not affected since it is controlled by an independent electromechanical safety mechanism.
Remote Code Execution as one of the mentioned impacts in the vulnerability description of CVE-2022-2320 is not possible since no SSH Forwarding is used.
Securing the access to the production network.
Please contact your service partner (email@example.com) for instructions on how to get automatically informed for the new major release 3.42.0 of the new TruControl software version.
Retrieve instructions on how to deactivate the ssh access or activate the firewall on port 22 (SSH) of your laser.
CERT@VDE coordinated with TRUMPF Laser GmbH
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative reported the vulnerability.