Vulnerabilities in OpenSSL Open Source Library
07th November 2022
In the OpenSSL open source library, two vulnerabilities (CVE-2022-3602, CVE-2022-3786) with a high threat level were closed in version 3.0.7. All 3.x versions up to and including version 3.0.6 are affected.
After concluding the first evaluations, we can confirm that the following VIVAVIS products either do not use OpenSSL at all or use it only in 1.x versions, and are therefore not affected by the aforementioned vulnerabilities:
• HIGH-LEIT NT
• HIGH-LEIT XW
• HIGH-LEIT Engineering
• All RTUs from the ACOS series
• EP2000, CP84 and BLM800
The evaluation of further VIVAVIS products is not yet completed. If any other products are affected, we will inform you in further security bulletins as soon as the necessary patches can be made available.
With regard to third-party products distributed by VIVAVIS, we have to rely on the statements of the respective manufacturers. At this moment, we can point out that, according to the information provided by the manufacturers, the products from Sophos, Cisco and HP that we use in our systems are not affected. Of course, we are keeping a close eye on the security information of all manufacturers whose products we use, and will provide information on other affected products if necessary.
If you have further questions on this matter or if you require support, please contact our Customer Support.
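As an added example (not VIVAVIS or OpenSSL project code), the version range stated in this bulletin can be checked against collected `openssl version` output. The host names and sample strings are constructed, and `classify` and `affected_hosts` are illustrative names.

```python
import re

# Range taken from this bulletin: all 3.x releases up to and including 3.0.6
# are affected, 3.0.7 contains the fixes, and 1.x is not affected.
LAST_AFFECTED = (3, 0, 6)

# Accepts "OpenSSL 3.0.5 5 Jul 2022", "OpenSSL 1.1.1q  5 Jul 2022",
# "OpenSSL 3.0.0-beta1 ..." and a bare "3.0.2".
_VERSION_RE = re.compile(
    r"^(?:(?P<product>[A-Za-z]+)\s+)?(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
)

def classify(version_output):
    """Return 'affected', 'not-affected' or 'unknown' for one version string."""
    m = _VERSION_RE.match(version_output.strip())
    if m is None:
        return "unknown"
    product = m.group("product")
    if product is not None and product.lower() != "openssl":
        # LibreSSL and other forks use their own numbering, which overlaps
        # with 3.x; the bulletin's range says nothing about them.
        return "unknown"
    version = tuple(int(m.group(k)) for k in ("major", "minor", "patch"))
    if version[0] < 3:
        return "not-affected"  # below 3.x, e.g. the 1.x line
    if version <= LAST_AFFECTED:
        return "affected"      # 3.0.0 .. 3.0.6 (letter or pre-release suffix ignored)
    return "not-affected"      # 3.0.7 and later

def affected_hosts(inventory):
    """Return the sorted host names whose reported version is in the affected range."""
    return sorted(h for h, out in inventory.items() if classify(out) == "affected")

# Constructed sample inventory: host name -> output of `openssl version`.
SAMPLE = {
    "hmi-01": "OpenSSL 1.1.1q  5 Jul 2022",
    "gw-02": "OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)",
    "eng-03": "OpenSSL 3.0.7 1 Nov 2022",
    "fw-04": "LibreSSL 3.3.6",
}

if __name__ == "__main__":
    for host, out in SAMPLE.items():
        print(f"{host}: {classify(out)}")
    print("affected:", affected_hosts(SAMPLE))
```

The check only covers the OpenSSL build that answers the command; copies bundled with or statically linked into applications have to be identified separately.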