cvedb.io
CVE-2022-41648
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-10-28T18:15:12.723 · Last modified 2026-06-17T05:03:33.847

Summary

The HEIDENHAIN Controller TNC 640 NC software Version 340590 07 SP5, is vulnerable to improper authentication in its DNC communication for CNC machines. Authentication is not enabled by default for DNC communication. This vulnerability may allow an attacker to deny service on the production line, steal sensitive data from the production line, and alter any products created by the production line. Note: CNC machines running the TNC 640 controller require DNC to be enabled for DNC communication to be present.

Affected products

heidenhain — tnc_640_programming_station

Does this affect you?

Add your gear to cvedb and we'll alert you only when heidenhain ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.