CVE-2022-1300 CRITICAL

CVE-2022-1300: Missing authentication in TRUMPF products may result in corruption of data

Vendor Trumpf
Product TruTops Boost
Weakness CWE-306 · Missing auth
Published May 2, 2022
Last update September 17, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.

Key dates

02Disclosure timeline

May 2, 2022 CVE published
September 17, 2024 Record updated