CVE-2022-41648 CRITICAL

Vendor Heidenhain
Product HEIDENHAIN Controller TNC 640 NC Software
Weakness CWE-1188
Published October 28, 2022
Last update October 13, 2025

CVSS base score

9.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The HEIDENHAIN Controller TNC 640 NC software, version 340590 07 SP5, is vulnerable to improper authentication in its DNC communication for CNC machines. Authentication is not enabled by default for DNC communication. This vulnerability may allow an attacker to deny service on the production line, steal sensitive data from the production line, and alter any products created by the production line. Note: CNC machines running the TNC 640 controller require DNC to be enabled for DNC communication to be present.

Key dates

02 Disclosure timeline

October 28, 2022 CVE published
October 13, 2025 Record updated