Amrc-Benmorrow

#11206of 53,634
24.6Total CVSS
Vulnerabilities · 3
High
3
PT-2025-1381
8.2
2025-01-09
Openssl · Openssl · CVE-2023-24010
**Name of the Vulnerable Software and Affected Versions** Data Distribution Service (DDS) (affected versions not specified) **Description** The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate validation. This is due to a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL `PKCS7 verify` function used to validate S/MIME signatures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-1382
8.2
2025-01-09
Openssl · Openssl · CVE-2023-24011
**Name of the Vulnerable Software and Affected Versions** Data Distribution Service (DDS) (affected versions not specified) **Description** The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate validation. This is due to a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL `PKCS7 verify` function used to validate S/MIME signatures. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-1383
8.2
2025-01-09
Openssl · Openssl · CVE-2023-24012
**Name of the Vulnerable Software and Affected Versions** DDS (affected versions not specified) **Description** The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate validation. This is due to a non-compliant implementation of permission document verification used by some DDS vendors, specifically an improper use of the OpenSSL `PKCS7 verify` function used to validate S/MIME signatures. An attacker can create malicious DDS Participants or ROS 2 Nodes with valid certificates to take over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.