! ! BRAND NEW WHITEPAPER: SOFTWARE SUPPLY CHAIN REGULATIONS: How to achieve effective & efficient SBOM management? »DOWNLOAD YOUR COPY NOW ! !

New OpenSSL vulnerability: IoT Inspector automatically detects affected software even in IoT / IIoT devices

Widely popular OpenSSL software for data encryption urgently needs to be updated  

Düsseldorf, March 17, 2022 – A new security vulnerability threatens all systems that use OpenSSL, one of the most widely used software for encryption of all kinds, for transport encryption based on TLS. When processing certain TLS certificates, targeted attacks can bring clients and servers to a complete standstill (DoS – Denial of Service). “Servers, clients and other devices must be checked immediately and patched if necessary. Since this software is very widespread, most IT systems – from servers to clients to the Internet of Things – are affected. If hackers target this vulnerability, the situation can become very critical for companies and institutions,” warns Jan Wendenburg, CEO of IoT Inspector. The security company operates the leading European service for automated IoT firmware analyses. The recently disclosed vulnerability can easily be detected in IoT and IIoT devices and infrastructures by IoT Inspector, and thus be remediated. 

Threat level: High  

The IoT Inspector team has uncovered numerous vulnerabilities in devices by well-known hardware manufacturers. “We have seen that after the publication of a technical advisory, hackers have specifically started to attack the addressed vulnerability. Therefore, administrators should immediately check if the issue is present in their networks,” said Jan Wendenburg of IoT Inspector. The vulnerability (CVE-2022-0778) is rated with a threat level of “high.” It was discovered by Tavis Ormandy, a British cybersecurity specialist who currently works at Google as part of the Project Zero team. The vulnerability affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. Administrators using OpenSSL are urged to promptly install one of the secured editions 1.1.1n or 3.0.2.   

Unpredictable situation  

Fast action is particularly advised regarding international cyberattacks due to the ongoing war in Ukraine, according to the team of specialists at IoT Inspector: “Critical infrastructures, as well as companies, are currently more at risk than ever. The alleged use of European technology in Russian war equipment shows how quickly companies are now caught in the crossfire and could potentially be drawn into a campaign by Anonymous hackers. The situation is unpredictable,” Wendenburg explains. Just a few days ago, the German Federal Office for Information Security (BSI) issued its third warning of war-related attacks on IT infrastructures. In this context, every component of a network can be used as a gateway, unless the security vulnerabilities are identified through targeted analyses and subsequently remedied. IoT Inspector continues to offer a free security check for IoT/IIoT endpoints of all types in critical infrastructures following the BSI warnings. A firmware check takes only a few minutes and analyzes the relevant risks. 

About ONEKEY

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.

 

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de

Stay informed

News

Spotting Silent Patches in OSS with Binary Static Analysis

April 9, 2024

IT Security: New Automated Zero-Day Security Analysis For Binary Executable Files!

March 18, 2024

Security Advisory: Remote Command Execution in Cisco Access Point WAP Products

March 18, 2024
All news

Downloads

ONEKEY SBOM Whitepaper Cover_Website-Download

Whitepaper: How to achieve effective & efficient SBOM management?

ONEKEY Whitepaper EU Cyber Resilience Act Cover

Whitepaper: Understanding the EU Cyber Resilience Act

Coverpage of the ONEKEY Success Story

Use Case: How SWISSCOM saves 400K EUR per avoided incident

ONEKEY Datasheet Manufacturing Coverpage

Datasheet: ONEKEY Platform - Manufacturing

All Downloads
contact us
  • ONEKEY GMBH
    KAISERSWERTHER STRASSE 45
    40477 DÜSSELDORF, GERMANY 
  • © ONEKEY GmbH