OTPulse

HEIDENHAIN Controller TNC (Update A)

Plan Patch · 8.1 · ICS-CERT ICSA-22-298-02 · Oct 25, 2022
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

HEIDENHAIN Controller TNC 640 NC Software contains a vulnerability that could result in loss of sensitive data, manipulation of information, and denial-of-service. The vulnerability is associated with inadequate security in legacy communication protocols (LSV2 and DNC) used for remote access and file transfer to the controller. Exploitation requires network access, and the attack complexity is high.

What this means
What could happen
An attacker with network access to the controller could read sensitive CNC program files, modify part programs or machine parameters, or interrupt machine operation. This could lead to production downtime, scrap parts, or unplanned machine behavior.
Who's at risk
HEIDENHAIN TNC 640 controllers are used in CNC machining centers, turning centers, and multi-axis mills in job shops, contract manufacturers, and production facilities. Any organization running HEIDENHAIN controllers with network-connected LSV2 or DNC ports should assess exposure. This affects machine operators, maintenance technicians, and engineering staff who rely on remote file transfer and diagnostics.
How it could be exploited
An attacker must reach the controller over the network and exploit weaknesses in the LSV2 or DNC communication protocols. These protocols lack modern authentication and encryption, allowing an attacker to intercept or manipulate communication to exfiltrate programs, read machine data, or send commands that alter machine behavior.
Prerequisites
  • Network access to the controller (not isolated from network)
  • LSV2 or DNC communication port reachable from attacker's position
  • High attack complexity suggests specific knowledge of protocol or controller configuration required
remotely exploitable · no authentication required in legacy protocols · no patch available · affects machine control and production
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
HEIDENHAIN Controller TNC 640 NC Software: 340590_07_SP5 | 340590 07 SP5 | No fix yet
Remediation & Mitigation
Do now
  • WORKAROUND: Block LSV2 and DNC communication ports using the integrated firewall in the controller's operating system
  • HARDENING: Use network firewalls and zone segmentation to isolate the controller from business networks and the Internet
  • HARDENING: If remote access is required, use a VPN to tunnel into the controller network rather than allowing direct exposure
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Contact your machine vendor to confirm availability of updates that include SSH tunneling for secure remote access instead of LSV2/DNC
API: /api/v1/advisories/fdcd491f-747c-484d-b9ab-a6967e948f94