Is the zenon product family affected by the vulnerability CVE-2022-0778 in OpenSSL?
A vulnerability in OpenSSL has been published with the ID CVE-2022-0778, detailing a potential issue of an endless loop resulting in a denial of service, when specific invalid certificates are parsed.
Version 11 includes OpenSSL 1.1.1N that resolves the issue.
The OPC UA Server in the Process Gateway is potentially affected by this issue.
Related Articles
FAQ: Are products in the zenon product family affected by the Log4j security vulnerability registered with CVE-2021-44228?
No, core products in the zenon product family are not based on Java and do not make use of the Log4j library. Additional information can be found in the information report.
FAQ: Are products in the zenon product family affected by the vulnerability, labelled BlastRADIUS?
The vulnerability labelled BlastRADIUS is a vulnerability in the RADIUS protocol, also known under the reference CVE-2024-3596. The zenon IIoT Services Identity Service supports an Identity Provider for authentication against RADIUS server, that can ...
CD_SVA_2023_3: Wibu Systems - CodeMeter Runtime - security vulnerability addressed
A report has been received for the following security vulnerability in the zenon software platform: CVE-2023-3935 Further details regarding the vulnerability, mitigation options and product fixes that may be available, can be found in the document ...
FAQ: Do COPA-DATA products use OpenSSL and if yes, are they affected by the Heartbleed vulnerability in OpenSSL?
There are components of COPA-DATA products that use parts of the OpenSSL library. The parts of the OpenSSL library that are used, include parts for certificate handling, encryption and secure connections. The following components in particular use ...
FAQ: Are products in the zenon product family affected by vulnerabilities, labelled Ripple20?
The vulnerabilities labelled Ripple20 exist in a TCP/IP stack of a specific vendor typically found on embedded devices. COTS products within the zenon product family make use of the standard TCP/IP stack provided by the operating system and are ...