CVE-2022-41648

CRITICAL

HEIDENHAIN Controller TNC 640 NC <34059007 SP5 - Privilege Escalation

Title source: llm

Description

The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5, is vulnerable to improper authentication in its DNC communication for CNC machines. Authentication is not enabled by default for DNC communication. This vulnerability may allow an attacker to deny service on the production line, steal sensitive data from the production line, and alter any products created by the production line. Note: CNC machines running the TNC 640 controller require DNC to be enabled for DNC communication to be present.

References (2)

[Mitigation, Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-298-02

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-22-298-02

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-287 CWE-1188

Status published

Products (2)

heidenhain/heros 5.08.3

heidenhain/tnc_640_programming_station 340590_07 sp5

Published Oct 28, 2022

Tracked Since Feb 18, 2026