#csaf — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #csaf, aggregated by home.social.
-
#OT #Advisory VDE-2026-042
CODESYS Modbus TCP Server - Improper resource management
CODESYS Modbus is an add‑on for the CODESYS Development System that provides a fully integrated Modbus protocol stack along with diagnostic capabilities. A flaw in the CODESYS Modbus TCP Server protocol stack library results in a vulnerability. When a Modbus TCP server is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35227
https://certvde.com/en/advisories/vde-2026-042/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-05_vde-2026-042.json
-
"The Common Security Advisory Framework (#CSAF) is an effective and efficient means by which manufacturers can communicate their recommendations for action on vulnerabilities."
writes the Institute for Occupational Safety and Health (a main department of the German Social Accident Insurance) here:
https://www.dguv.de/ifa/fachinfos/industrial-security/csaf/index-2.jsp
further
"New EU regulations place greater responsibility on manufacturers of products with digital elements. For example, Article 14 (8) of the Cyber Resilience Act (CRA) sets out "reporting obligations of manufacturers", together with strict deadlines."
Note that https://www.csaf.io/specification/ version 2.1 is available as "Committee Specification Draft 02" since a few weeks. The technical committee welcomes comments!
-
A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.
This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.
It will push the number of ingested feeds to more than 50 unique sources, highlighting the growing diversity of our data sources.
If someone tells you there is a single source of truth for vulnerability information, they’re ignoring the reality: vulnerability intelligence comes from many different sources.
Thanks to @rafi0t for the continuous work on adding CSAF and feeds to vulnerability-lookup
#gcve #cve #cybersecurity #csaf #vulnerability #opendata #opensource
🔗 The new PR with many new CSAF sources https://github.com/vulnerability-lookup/vulnerability-lookup/pull/348
🔗 The open source vulnerability-lookup software https://www.vulnerability-lookup.org/
🔗 GCVE instance https://db.gcve.eu/
-
@bagder However, it's the classic chicken-egg problem: Why should I start? The answer is: #curl is a mature project and can lead the way.
We are happy to help you and others getting started. Feel free to reach out to our #CSAF team at [email protected]. (2/2)
-
@bagder Great that you are considering #CSAF. We think that CSAF is a gamechanger: CSAF works for open source as well as closed source, hardware, specifications etc. - basically anything you can think of writing a security advisory or #VEX for.
Supply Chain Security: No one can secure single handed - everyone is needed. A single format: You can profit from the upstream CSAFs, your downstream users profit from your CSAFs. (1/2)
-
For many companies, the requirements for #Schwachstellenmanagement (vulnerability management) in #Cybersicherheit (cybersecurity) are an increasingly tough nut to crack.
Besides the sheer volume of notifications, a further problem is that #Cybersecurity #Advisories have so far been published in a variety of formats, for example as PDFs, as websites or as text files.
That is why the #BSI recommends that companies use #CSAF, so that risks can be captured faster and assessed more efficiently:
-
Want to know how to write and distribute #SecurityAdvisories that can be parsed and processed automatically?
Freshly announced are this year's workshops for the Common Security Advisory Framework (#CSAF). They will be held in Nuremberg, Germany, November 10th to 12th.
See https://www.csaf.io/workshops/2025/
(right after this are the CSAF Community-Days).
-
#OT #Advisory VDE-2025-020
WAGO: Switches affected by year 2k38 problem
#CVE CVE-2025-1235
https://certvde.com/en/advisories/VDE-2025-020
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-020.json
-
#OT #Advisory VDE-2025-044
Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities
#CVE CVE-2025-41651, CVE-2025-41652, CVE-2025-41649, CVE-2025-41650, CVE-2025-41653
https://certvde.com/en/advisories/VDE-2025-044
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-044.json
-
#OT #Advisory VDE-2025-041
Weidmueller: ResMa is affected by a Vulnerability for ASP.NET AJAX
Weidmueller product ResMa is affected by ASP.NET AJAX vulnerability.
Weidmueller has released a new firmware for the affected product to fix the vulnerability.
#CVE CVE-2025-3600
https://certvde.com/en/advisories/VDE-2025-041
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-041.json
-
#OT #Advisory #Update VDE-2023-046
WAGO: Multiple products vulnerable to local file inclusion
An attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way.
UPDATE 07.05.2025: The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares.
#CVE CVE-2023-4089
https://certvde.com/en/advisories/VDE-2023-046
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-046.json
-
Searching for an #OT #Advisory?
Want it machine readable?
Have a look at our #csaf aggregator https://aggregator.certvde.com for advisories of 35+ OT and #ICS vendors that partner with CERT@VDE. See https://certvde.com/en/more/csaf/ for a full list of the trusted providers used on the aggregator.
-
Automating finding and parsing of security advisories? That is what the Common Security Advisory Framework (CSAF) attempts to do. https://csaf.io. There are going to be workshops and community days in the 2nd week of December in Germany. See https://csaf.io/workshop/ .
The call for presentations is until the 3rd of November. The location is still to be announced within Germany. I guess Munich or Bonn. (My company is contracted by the BSI to help with CSAF software and spec)
-
Together with the NCSC and colleagues from DPC, I'll be in a track on Tuesday 1 October at the always great 'ONE Conference 2024'. We'll be talking about why 'knowing what you have' matters in vulnerability management and how 'real time vulnerability feeds', CSAF and SBOMs can help you with that. If you're at the ONE, come by! :-). https://one-conference.nl/side-event/ncsc-side-tracks/ #oneconference24 #sbom #csaf #ncscnl
-
CSAF Walker: Working with CSAF providers in Rust
A quick introduction blog post to a Rust crate & CLI for working with CSAF advisories and providers.
-
vulnerability-lookup version v0.7.0 has been released.
- News feed added
- Support for CSAF sources (CERT Bund, RedHat, Siemens, CISA, CISCO, Nozomi Networks, OpenXchange, SICK)
- OSSF Malicious packages repository
- Pagination for recent vulnerabilities (API & Web)
🔗 Source code https://github.com/cve-search/vulnerability-lookup/releases/tag/v0.7.0
🔗 Vulnerability lookup online https://vulnerability.circl.lu/
-
Today's Live Cyber Security Awareness Forum panel session is on "The problem of employees using FREE stuff from the Internet."
Everyone is welcome.
#csaf #cybersecurityawarenessforum
https://us02web.zoom.us/webinar/register/4117048890923/WN_aS5vJaPaRg-0CATjBcW07Q
-
Working in cyber security can wear you down. Even if you love the work.
The results of your good work rarely show as a big red, flashing sign that says "You succeeded". Sometimes you wonder if anyone even notices.
But when you can speak to others who are facing the same issues in other organizations, you realize that the work you are doing is really important.
One day, you'll likely see a news story where another organization just like yours fell victim to an attack, and you realize that what you've done makes it less likely to happen in your organization.
That's when you understand the value of what you are contributing.
Come and join the Cyber Security Awareness Forum live panel discussion today, and hear from others in the security awareness industry who have dealt with similar challenges to the ones you're facing.
https://us02web.zoom.us/webinar/register/6017000567129/WN_638kBM5tTzaVM-_oCT3soA
#csaf #cybersecurityawarenessforum #securityawareness #securitymanagement #riskmanagement #humanriskmanagement
-
There are some well-known reasons why gamification is considered to be a good tool for cyber security training and awareness programs.
There are also some misconceptions about gamification that tend to lead people to dismiss the approach.
In today's live Cyber Security Awareness Forum panel discussion, we'll dig into "The pros and cons of gamification in a security awareness program".
Join us at 1pm EDT today (Wednesday, November 1), and bring your questions or comments...
https://us02web.zoom.us/webinar/register/4316988555351/WN_FQ_uqVfESBazpD2HYNlcWA
#csaf #cybersecurityawarenessforum #gamification #securityawareness #securitymanagement #riskmanagement #securitytraining
-
“Vulnerability management is becoming increasingly important” – Greenbone CEO Dr. Jan-Oliver Wagner at PITS Congress
Greenbone CEO Dr. Jan-Oliver Wagner was invited as an expert to take part in the panel discussion “Putting your finger in the wound – managing or closing vulnerabilities?" at the Public IT Security Congress initiated by Behoerdenspiegel.
More at the Greenbone Blog via @mfeilner
https://www.greenbone.net/en/blog/vulnerability-management-is-becoming-increasingly-important/
#PublicITSecurity #CRA #CSAF #VulnerabilityManagement #Greenbone #OpenVas
-
Are you working with Software Security Advisories? Ever heard of #CSAF? A study from members of the Human Factors in Security and Privacy Group @FAU tries to identify difficulties in the reception and processing of security advisories and the decision-making process involved.
Please support the study by taking part in this anonymous 10 minute survey:
https://user-surveys.cs.fau.de/?r=security_advisories_df
Thx! 💐
-
SBOM alone may not encode enough detail to separate non-exploitable vulnerabilities from exploitable ones writes Surendra Pathak in our latest guest blog on #VDR, #VEX, #OpenVEX and #CSAF https://openssf.org/blog/2023/09/07/vdr-vex-openvex-and-csaf/
-
Over 225 security professionals have signed up for today's bi-weekly Cyber Security Awareness Forum.
Think of these sessions as: "The Best Part of Your Security Week"
Attendees love the casual atmosphere, the panel format and the variety of perspectives from CISOs and security awareness managers.
Why not join us today at 1pm EDT, to hear what other security professionals have to say about employee-related risks "beyond phishing links"?
https://us02web.zoom.us/webinar/register/5016940050066/WN_2F_JwTZCThKBK5L3aI4dfw
#csaf #cybersecurityawarenessforum #securityawareness #securityculture #securitymanagement #riskmanagement
-
Learn what really takes up security awareness managers' time in their jobs.
Join us for today's Live Cyber Security Awareness Forum panel session on:
"A day in the life of a security awareness manager (tasks and challenges)"
We have live audience Q&A with an industry expert panel, to share insights and lessons learned about managing security awareness programs.
https://us02web.zoom.us/webinar/register/7716927883621/WN_FuV5x9lyTj-8RfHItu0cVw
#csaf #cybersecurityawarenessforum #securityculture #securitymanagement #riskmanagement
-
If your organization has stories to share about how role-based security awareness is making a difference, others want to hear about it.
Too often, organizations miss the opportunity to provide quality security training to staff who have a common risk environment.
Attackers are focusing on roles now, so they can create more compelling pretexts for social engineering.
Soon, it won't be just gift card scams. There will be attacks targeting people like software librarians that give privileged source code access to remote attackers.
What ignored roles do you see that can receive value from more focused security training?
Join our live Cyber Security Awareness Forum today at 1pm EDT, where you can hear from an expert panel and learn from live audience Q&A.
https://us02web.zoom.us/webinar/register/4716891587055/WN_pPRjbM7OSJSvSKnOGgxPFQ
#csaf #cybersecurityawarenessforum #securitytraining #securityawareness #riskmanagement #securitymanagement #instructionaldesign
-
Working on some #CSAF tooling:
csaf download -3 -v -o out/ https://access.redhat.com/security/data/csaf/v2/provider-metadata.json
-
It's a great day to talk about "cyber security industry statistics" in the Live Cyber Security Awareness Forum.
Join the panel discussion with live audience Q&A today at 1pm ET.
#csaf #cybersecurity #statistics #riskmanagement #securityculture
https://us02web.zoom.us/webinar/register/6116755984161/WN_J5jQ7FcETn2wNhilo4tyUQ
-
Security industry statistics like "total cybercrime losses" and "percent of breaches involving human vulnerabilities" can be used to make business cases for security awareness training.
But sometimes those stats are misleading.
Join us as we explore the use of industry statistics related to security awareness and impacts of human vulnerability this week in the Live Cyber Security Awareness Forum with panel and audience Q&A.
#csaf #cybersecurityawarenessforum #statistics
https://us02web.zoom.us/webinar/register/6116755984161/WN_J5jQ7FcETn2wNhilo4tyUQ
-
On 10 November 2022, the US agency CISA published a 3-point plan for efficient vulnerability management: https://cisa.gov/blog/2022/11/10/transforming-vulnerability-management-landscape
Its key points are the #CSAF standard and the #VEX profile: machine-readable #Advisory documents reduce manual effort and mitigate vulnerabilities more effectively.
With this, #CISA officially shows its support for the standard. The #BSI expects this to send a signal to all PSIRTs, in particular also for #IndustrialSecurity.
-
The Common Security #Advisory Framework (#CSAF) delivers machine-processable advisories
Together with the Cyber-Defence Campus (CYD Campus) in Switzerland, the #BSI is working to provide #OpenSource #Tools so that every participant in a supply chain can create and manage CSAF advisories, in order to exchange vulnerability information more efficiently and improve their IT security.
👉 https://www.admin.ch/gov/de/start/dokumentation/medienmitteilungen.msg-id-86565.html
#IndustrialSecurity #Secvisogram #DeutschlandDigitalSicherBSI