All news with #open62541 tag

Hitachi Energy MSM: XSS and Assertion Vulnerabilities

⚠️ Hitachi Energy reports multiple vulnerabilities in the MSM product that are exploitable remotely with low attack complexity. An XSS flaw in the EmbedThis GoAhead goform/formTest endpoint (name parameter) can allow HTML injection, while an assertion in open62541's fuzz_binary_decode can cause a crash. CVE-2023-53155 (CVSS 7.2) and CVE-2024-53429 (CVSS 7.5) are assigned. Vendors and CISA recommend disconnecting affected devices from internet-facing networks and following product-specific guidance.