CVE-2022-2052 — Improper Access Control in Werkzeugmaschinen SE + CO KG Oseon

CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 41.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trumpf Werkzeugmaschinen SE + CO KG Oseon Trumpf Oseon Trumpf Werkzeugmaschinen SE + CO KG JOB Order Interface +4 more

Timeline

PublishedOct 17

Description

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDtrumpf/oseon1.6

▶CVEListV5trumpf_werkzeugmaschinen_se_+_co_kg/oseonunspecified — 1.6

▶CVEListV5trumpf_werkzeugmaschinen_se_+_co_kg/trutops_fabAll Versions

▶CVEListV5trumpf_werkzeugmaschinen_se_+_co_kg/trutops_monitorAll Versions

▶CVEListV5trumpf_werkzeugmaschinen_se_+_co_kg/job_order_interfaceAll Versions

🔴Vulnerability Details

CVEList

TRUMPF TruTops default user accounts vulnerability↗2022-10-17

▶

GHSA

GHSA-rx57-wv3q-7323: Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords↗2022-10-17

▶