CVE-2022-41648

2022-10-2818:15:12

CWE-287

[email protected]

web.nvd.nist.gov

heidenhain

tnc 640

heros 5.08.3

hartford 5a-65e

authentication

denial of service

sensitive data

product alteration

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.0%

JSON

The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line.

Affected configurations

Nvd

Node

heidenhaintnc_640Match-

AND

heidenhaintnc_640_programming_stationMatch340590_07sp5

heidenhainherosMatch5.08.3

VendorProductVersionCPE
heidenhaintnc_640-cpe:2.3:h:heidenhain:tnc_640:-:*:*:*:*:*:*:*
heidenhaintnc_640_programming_station340590_07cpe:2.3:a:heidenhain:tnc_640_programming_station:340590_07:sp5:*:*:*:*:*:*
heidenhainheros5.08.3cpe:2.3:o:heidenhain:heros:5.08.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
heidenhain	tnc_640	-	cpe:2.3:h:heidenhain:tnc_640:-:::::::*
heidenhain	tnc_640_programming_station	340590_07	cpe:2.3:a:heidenhain:tnc_640_programming_station:340590_07:sp5::::::
heidenhain	heros	5.08.3	cpe:2.3:o:heidenhain:heros:5.08.3:::::::*