FAQ: Do COPA-DATA products use OpenSSL and if yes, are they affected by the Heartbleed vulnerability in OpenSSL?

• Related Articles

• Is the zenon product family affected by the vulnerability CVE-2022-0778 in OpenSSL?

  A vulnerability in OpenSSL has been published with the ID CVE-2022-0778, detailing a potential issue of an endless loop resulting in a denial of service, when specific invalid certificates are parsed.  Version 11 includes OpenSSL 1.1.1N that resolves ...

• FAQ: CD_SVA_2022_1: Vulnerability in zenon Software platform

  Summary  COPA-DATA received a report from Security Researcher Ruben Santamarta detailing a security vulnerability for the zenon Logging Service which is part of the zenon platform standard deployment. Based on this vulnerability additional ...

• CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed

  A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in the document ...

• FAQ: Which CSPRNG is used by OpenSSL in zenon, for e.g. TLS communication?

  The OpenSSL version used in zenon is the LTS version 1.1.1. On Windows systems OpenSSL in zenon makes use of the Windows Cryptography API: Next Generation (CNG). For generation of random numbers and seeding of the random number generator, ...

• FAQ: Are products in the zenon product family affected by the Log4j security vulnerability registered with CVE-2021-44228?

  No, core products in the zenon product family are not based on Java and do not make use of the Log4j library. Additional information can be found in the information report.