During the installation of specific TRUMPF Windows applications, privileged local users with default usernames and passwords are created. An adversary could use these users to access and compromise the affected Windows systems and, under certain circumstances, other network resources.
A number of TRUMPF software tools use the OPC UA Server in C++ based OPC UA SDK by Unified Automation. The application contains several vulnerabilities, which enable an attacker to send malicious data to the application, resulting in a Denial-of-Service.
A service function in the stated TRUMPF products is exposed without necessary authentication. Execution of this function may result in unauthorized access to, change of data or disruption of the whole service.
A number of TRUMPF CAD/CAM software tools use the CodeMeter Runtime application from WIBU-SYSTEMS AG to manage licences. This application contains a number of vulnerabilities, which enable an attacker to prevent normal operation of CodeMeter, resulting in a Denial-of-Service and potentially execute arbitrary code.