VDE-2024-034

Vulnerability from csaf_trumpfsecokg - Published: 2024-06-25 10:00 - Updated: 2025-04-10 13:00
Summary
Multiple TRUMPF products prone to nftables server vulnerabilities
Notes
Summary: TruControl laser control software from versions 3.50.0 to 4.00.0.B uses Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.
Impact: To be able to exploit this vulnerability, the attacker first needs to gain any kind of user access to the system. Once logged on to the system, the privilege escalation vulnerability can be exploited with the following possible impacts/damages to the system:
* Data loss in the laser control
* Standstill of production
* Damage by change of the laser control

Safety is not affected since it is controlled by an independent electromechanical safety mechanism.
Remediation:
* Update to the new release 4.04.0 of the TruControl software.
* Please contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed about the new major release 4.04.0 of the TruControl software.
General Recommendation:
* Secure the production network.
* In case of doubt, disconnect the laser completely from the network.

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.

CWE-416 - Use After Free
Vendor Fix: Update to the new release 4.04.0 of the TruControl software.
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "TruControl laser control software from versions 3.50.0 to 4.00.0.B use Linux kernel versions affected by CVE-2024-1086. The affected kernel vulnerability could lead to local privilege escalation.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "To be able to exploit this vulnerability the attacker first needs to gain any kind of user access to the system.\nWhen logged on to the system the privilege escalation vulnerability can be exploited with following possible impacts/damages to the system:\n* Data loss in the laser control\n* Standstill of production\n* Damage by change of the laser control\n\nSafety is not affected since it is controlled by an independent electromechanical safety mechanism.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "* Update to the new release 4.04.0 of the TruControl software version.\n* Please contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 4.04.0 of the TruControl software version.\n",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "* Secure the production network.\n* In case of doubt please disconnect the laser completely from network.",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "product.security@trumpf.com",
      "name": "Trumpf SE + Co. KG",
      "namespace": "https://www.trumpf.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "TRUMPF Laser SE - PSIRT",
        "url": "https://www.trumpf.com/en_US/meta/security-with-trumpf/security-advisories/"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for TRUMPF Laser",
        "url": "https://certvde.com/en/advisories/vendor/trumpf-laser/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-034: Multiple TRUMPF products prone to nftables server vulnerabilities - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-034"
      },
      {
        "category": "self",
        "summary": "VDE-2024-034: Multiple TRUMPF products prone to nftables server vulnerabilities - CSAF",
        "url": "https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-034.json"
      }
    ],
    "title": "Multiple TRUMPF products prone to nftables server vulnerabilities",
    "tracking": {
      "aliases": [
        "VDE-2024-034"
      ],
      "current_release_date": "2025-04-10T13:00:00.000Z",
      "generator": {
        "date": "2024-08-20T12:31:12.136Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.8"
        }
      },
      "id": "VDE-2024-034",
      "initial_release_date": "2024-06-25T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-06-25T10:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2",
          "summary": "Fix: correct certvde domain, added self-reference"
        },
        {
          "date": "2025-04-10T13:00:00.000Z",
          "number": "3",
          "summary": "Fixed CSAF self-reference URL"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "TruPulse",
                "product": {
                  "name": "TRUMPF Laser SE TruPulse",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "TruDisk",
                "product": {
                  "name": "TRUMPF Laser SE TruDisk",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "TruFiber",
                "product": {
                  "name": "TRUMPF Laser SE TruFiber",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "TruDiode",
                "product": {
                  "name": "TRUMPF Laser SE TruDiode",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 2000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 2000",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 5000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 5000",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 6000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 6000",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 7000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 7000",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 8000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 8000",
                  "product_id": "CSAFPID-11009"
                }
              },
              {
                "category": "product_name",
                "name": "TruMicro 9000",
                "product": {
                  "name": "TRUMPF Laser SE TruMicro 9000",
                  "product_id": "CSAFPID-11010"
                }
              },
              {
                "category": "product_name",
                "name": "redpowerDirect",
                "product": {
                  "name": "TRUMPF Laser SE redpowerDirect",
                  "product_id": "CSAFPID-11011"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003e=3.50.0",
                    "product": {
                      "name": "TruControl \u003e=3.50.0",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003c=4.00.0 B",
                    "product": {
                      "name": "TruControl \u003c4.00.0 B",
                      "product_id": "CSAFPID-51002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.04.0",
                    "product": {
                      "name": "TruControl 4.04.0",
                      "product_id": "CSAFPID-52001"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "vers:generic/\u003e=3.50.0|\u003c=4.00.0 B",
                    "product": {
                      "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B",
                      "product_id": "CSAFPID-51003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "TruControl"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "TRUMPF Laser SE"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-0065",
          "CSAFPID-0066",
          "CSAFPID-0067",
          "CSAFPID-0068",
          "CSAFPID-0070",
          "CSAFPID-0071",
          "CSAFPID-0072",
          "CSAFPID-0073",
          "CSAFPID-0074",
          "CSAFPID-0075",
          "CSAFPID-0076"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruPulse",
          "product_id": "CSAFPID-0065"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruDisk",
          "product_id": "CSAFPID-0066"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruFiber",
          "product_id": "CSAFPID-0067"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruDiode",
          "product_id": "CSAFPID-0068"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 2000",
          "product_id": "CSAFPID-0070"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 5000",
          "product_id": "CSAFPID-0071"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 6000",
          "product_id": "CSAFPID-0072"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 7000",
          "product_id": "CSAFPID-0073"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 8000",
          "product_id": "CSAFPID-0074"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE TruMicro 9000",
          "product_id": "CSAFPID-0075"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl \u003e=3.50.0 | \u003c=4.00.0 B installed on TRUMPF Laser SE redpowerDirect",
          "product_id": "CSAFPID-0076"
        },
        "product_reference": "CSAFPID-51003",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruPulse",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruDisk",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruFiber",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruDiode",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 2000",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 5000",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 6000",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 7000",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 8000",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE TruMicro 9000",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "TruControl 4.04.0 installed on TRUMPF Laser SE redpowerDirect",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-52001",
        "relates_to_product_reference": "CSAFPID-11011"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-1086",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.",
          "title": "Vulnerability Description"
        },
        {
          "audience": "operational management and system administrators",
          "category": "details",
          "text": "The affected kernel vulnerability could lead to local privilege escalation.",
          "title": "Vulnerability characterisation"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011"
        ],
        "known_affected": [
          "CSAFPID-0065",
          "CSAFPID-0066",
          "CSAFPID-0067",
          "CSAFPID-0068",
          "CSAFPID-0070",
          "CSAFPID-0071",
          "CSAFPID-0072",
          "CSAFPID-0073",
          "CSAFPID-0074",
          "CSAFPID-0075",
          "CSAFPID-0076"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-06-24T10:00:00.000Z",
          "details": "\u2022\tUpdate to the new release 4.04.0 of the TruControl software version\n",
          "entitlements": [
            "\u2022\tPlease contact your service partner (service.tls@trumpf.com) for instructions on how to get automatically informed for the new major release 4.04.0 of the TruControl software version \n"
          ],
          "product_ids": [
            "CSAFPID-0065",
            "CSAFPID-0066",
            "CSAFPID-0067",
            "CSAFPID-0068",
            "CSAFPID-0070",
            "CSAFPID-0071",
            "CSAFPID-0072",
            "CSAFPID-0073",
            "CSAFPID-0074",
            "CSAFPID-0075"
          ],
          "restart_required": {
            "category": "system"
          }
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0065",
            "CSAFPID-0066",
            "CSAFPID-0067",
            "CSAFPID-0068",
            "CSAFPID-0070",
            "CSAFPID-0071",
            "CSAFPID-0072",
            "CSAFPID-0073",
            "CSAFPID-0074",
            "CSAFPID-0075",
            "CSAFPID-0076"
          ]
        }
      ],
      "title": "CVE-2024-1086"
    }
  ]
}
