|Article No°||Product Name||Affected Version(s)|
|TruTops Boost||V13.01 <= V13.05.|
|TruTops Boost||= V13.08.21|
|TruTops Fab||V22.01. <= V22.05.|
|TruTops Fab||= V22.08.21|
|TruTops Monitor||V22.01. <= V22.05.|
|TruTops Monitor||= V22.08.21|
A service function in the stated TRUMPF products is exposed without necessary authentication. Execution of this function may result in unauthorized access to, change of data or disruption of the whole service.
The stated TRUMPF products implement a newly introduced service function that enables functionality intentionally restricted to service technicians via network access. Using this function without authentication, an attacker connected to the network could execute several commands on the host computer using elevated privileges.
Use the updated versions of the TRUMPF products that will be available via your service channel shortly or the hotfix, on following link: https://files.trumpf.com/w/LmhlkCA74heAIdS4GvJDDHqirMU0dpXbTRr7Erw8CXBvQ
CERT@VDE coordinated with TRUMPF