Security
iba AG's product security team, ProductCERT acts holistically to identify security threats and issues with the aim of improving iba AG's products.
ProductCERT maintains relationships with partners and security experts to test the security of iba products against current threat scenarios and to advance product security.
iba AG develops recommendations for the secure operation of iba components in industry. In this way, it makes it easier for operators to cope with the constantly growing threat situation in the field of IT security.
Security advices are provided via Product Information Newsletter for subscribers and published on this page (see table) to inform customers about necessary steps for the secure operation of iba products.
ID | CVSS Base Score | Document Title | Version | Last Update |
---|---|---|---|---|
IBA-2022-05 | 7.5 | OpenSSL component vulnerability | V1.0 | 2022-08-08 |
IBA-2022-04 | 2.8 | Hardcoded credentials | V1.0 | 2022-04-12 |
IBA-2022-03 | 6.1 | Credentials stored in plaintext | V1.0 | 2022-04-12 |
IBA-2022-02 | 4.8 | Unable to establish OPC DA connection after installing patch for CVE-2021-26414 | V1.0 | 2022-03-23 |
IBA-2022-01 | 4.2 | ibaPDA OPC UA server allowed in some cases connections with untrusted certificates | V1.0 | 2022-03-08 |
IBA-2021-04 | 10.0 | maxView Storage Manager Remote Code Execution Vulnerability | V1.0 | 2021-12-17 |
IBA-2021-03 | 7.1 | CodeMeter Runtime for Windows: Denial of Service (DoS) | V1.0 | 2022-07-05 |
IBA-2021-02 | 9.1 | CodeMeter Runtime Network Server: Heap Leak and Denial of Service | V1.0 | 2021-09-06 |
IBA-2021-01 | 7.8 | Local privilege escalation | V1.0 | 2021-04-19 |
IBA-2020-01 | WIBU Systems CodeMeter Runtime Vulnerabilities in iba Products | V1.0 | 2021-04-24 |
Contact
ProductCERT also acts as a central point of contact for security teams and developers, industry groups and vendors to report potential security vulnerabilities in iba products. It coordinates and maintains communication with all involved parties, both internal and external, to respond appropriately to identified security issues. It also handles the public reporting of security issues related to iba products.
Email: productcert@iba-ag.com
Twitter: iba AG