
ID

VDE-2022-023

Published

2022-10-17 10:00 (CEST)

Last update

2022-10-14 12:22 (CEST)

Vendor(s)

TRUMPF Werkzeugmaschinen SE + Co. KG

Product(s)

Article No. | Product Name | Affected Version(s)
- | Job Order Interface | All Versions
- | Oseon | <= 1.6
- | TruTops Boost with option Graphic separation of cut parts | All Versions
- | TruTops Boost with option Inventory of sheets and remainder sheets | All Versions
- | TruTops Fab | All Versions
- | TruTops Monitor | All Versions

Summary

During the installation of specific TRUMPF Windows applications, privileged local users with default usernames and passwords are created. An adversary could use these users to access and compromise the affected Windows systems and, under certain circumstances, other network resources.


Last Update:

Oct. 11, 2022, 4:09 p.m.

Weakness

Improper Access Control (CWE-284)

Summary

Multiple TRUMPF products, in multiple versions, use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.


Impact

Privileged local users with default usernames and passwords can be used to access and compromise affected Windows PCs and possibly other network resources.
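
One way to review an affected Windows PC for the accounts described above, as an added example that is not part of the advisory or any TRUMPF tooling: a PowerShell inventory of enabled local accounts in the Administrators and Remote Desktop Users groups, with password age. The function name, the choice of groups and the 90-day threshold are assumptions; the advisory does not name the accounts.

```powershell
# Added example (not from the advisory): list enabled local accounts that are
# members of privileged built-in groups, for manual review.
# Assumption: Windows PowerShell 5.1+ with the LocalAccounts module, run elevated.
function Get-PrivilegedLocalAccount {
    [CmdletBinding()]
    param(
        # Well-known SIDs: BUILTIN\Administrators, BUILTIN\Remote Desktop Users
        [string[]]$GroupSid = @('S-1-5-32-544', 'S-1-5-32-555'),
        # Assumed review threshold, not a value from the advisory
        [int]$MaxPasswordAgeDays = 90
    )

    # Index local users by SID so domain principals in the groups are skipped
    $localUsers = @{}
    Get-LocalUser | ForEach-Object { $localUsers[$_.SID.Value] = $_ }

    foreach ($sid in $GroupSid) {
        $group = Get-LocalGroup -SID $sid -ErrorAction SilentlyContinue
        if (-not $group) { continue }

        $members = Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue
        foreach ($member in $members) {
            $user = $localUsers[$member.SID.Value]
            if (-not $user -or -not $user.Enabled) { continue }

            # Whole days since the password was last set; $null if never set
            $ageDays = if ($user.PasswordLastSet) {
                ((Get-Date) - $user.PasswordLastSet).Days
            } else { $null }

            [pscustomobject]@{
                Group                = $group.Name
                Account              = $user.Name
                Description          = $user.Description
                BuiltInAdmin         = $user.SID.Value.EndsWith('-500')
                PasswordLastSet      = $user.PasswordLastSet
                PasswordAgeDays      = $ageDays
                PasswordNeverExpires = ($null -eq $user.PasswordExpires)
                LastLogon            = $user.LastLogon
                # Flag passwords never set or older than the threshold
                Review               = ($null -eq $ageDays) -or ($ageDays -gt $MaxPasswordAgeDays)
            }
        }
    }
}

Get-PrivilegedLocalAccount | Sort-Object Group, Account | Format-Table -AutoSize
```

An account whose PasswordLastSet date matches the date the TRUMPF software was installed has likely kept the password set by the installer.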

Solution

Please contact your TRUMPF Service with the PR number 496330.

Reported by

CERT@VDE coordinated with TRUMPF