{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41648", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "datePublished": "2022-10-28T17:09:41.162581Z", "dateUpdated": "2024-09-16T23:51:54.049Z", "dateReserved": "2022-09-29T00:00:00"}, "containers": {"cna": {"datePublic": "2022-10-25T00:00:00", "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-10-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line."}], "affected": [{"vendor": "HEIDENHAIN", "product": "Controller TNC 640", "versions": [{"version": "Version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine", "status": "affected"}]}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02"}], "credits": [{"lang": "en", "value": "Marco Balduzzi of Trend Micro reported this vulnerability."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-287 Improper Authentication", "cweId": "CWE-287"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.602Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heidenhain:tnc_640_programming_station:340590_07:sp5:*:*:*:*:*:*", "matchCriteriaId": "A4AA5300-77D8-4501-8B6A-FCC96ECE82B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:heidenhain:heros:5.08.3:*:*:*:*:*:*:*", "matchCriteriaId": "C75C780C-A5AE-4D32-9D27-461DBA78B7B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:heidenhain:tnc_640:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F5BAD18-3699-43C9-B6D9-FBF6C237CF2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line."}, {"lang": "es", "value": "HEIDENHAIN Controller TNC 640, versi\u00f3n 340590 07 SP5, que ejecuta HEROS 5.08.3 y controla la m\u00e1quina HARTFORD 5A-65E CNC, es vulnerable a una autenticaci\u00f3n incorrecta, lo que puede permitir a un atacante negar el servicio a la l\u00ednea de producci\u00f3n y robar datos sensibles de la l\u00ednea de producci\u00f3n y alterar cualquier producto creado por la l\u00ednea de producci\u00f3n."}], "id": "CVE-2022-41648", "lastModified": "2024-11-21T07:23:33.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-28T18:15:12.723", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}