Letzte Änderung:
<$Updated: 03-Apr-26 10:57:56$>

Security advisories

Our Security advisories are published to notify customers about security vulnerabilities and provide guidance on how to minimize and mitigate the risks associated with such vulnerabilities.

Report Security issue/Vulnerability

Please send Security/Vulnerability reports to:
E-Mail security@realthoughts.de

No security advisories for Java and Mbed TLS in this list

We do not list security advisories for Java and Mbed TLS in our security advisories list. Instead visit the official web pages of the Java and Mbed TLS projects.

Security advisories for Java:

[ OpenJDK Vulnerability Advisories ]

Security advisories for Mbed TLS:

In 2025

RTSA-CPTT-2025-1

Description: WIBU-100031: An untrusted Pointer Dereference can be exploited to escalate privileges by an unprivileged user on Windows;
WIBU-100057: Denial of Service due to Improper Pointer Checks on WibuKey for Windows
Required action: Update to WibuKey 6.71, no CPTT update necessary

RTSA-CPLB-2025-5

Description: WIBU-100031: An untrusted Pointer Dereference can be exploited to escalate privileges by an unprivileged user on Windows;
WIBU-100057: Denial of Service due to Improper Pointer Checks on WibuKey for Windows
Required action: Update to WibuKey 6.71, no CPLB update necessary

RTSA-CPLB-2025-4

Description: With Transmission procedure Balanced a Message with Common Address 255 or 65535 was repeated endlessly.
Affected components: CPLBMIec101, CPLBSIec101 when using Transmission procedure Balanced.
Required action: Update to CPLB T.4.25.3

RTSA-CPLB-2025-3

Description: Issue in example source code: Only with Events of Data Type SP, DP and ST the COTs CPLBIEC101_AL_COT11_RETREM and CPLBIEC101_AL_COT12_RETLOC can be used.
Affected components: Customers may have copied the example source code. Customers should fix their implementation.
Required action: Update to CPLB T.4.25.3

RTSA-CPLB-2025-2

Description: Issue in example source code: With C_SE_* CPLBIEC101_AL_COT11_RETREM and CPLBIEC101_AL_COT12_RETLOC cannot be used, instead CPLBIEC101_AL_COT3_SPONT should be used.
Affected components: Customers may have copied the example source code. Customers should fix their implementation.
Required action: Update to CPLB T.4.25.3

RTSA-CPLB-2025-1

Description: Deadband implementation extended and now handles the float classes FP_NAN, FP_INFINITE, FP_ZERO, FP_SUBNORMAL and FP_NORMAL.
Required action: Update to CPLB T.4.25.3

In 2024

RTSA-CPTT-2024-1

Description: WIBU-94453: Denial of service and kernel memory corruption due to improper buffer bounds checks in WibuKey for Windows
Required action: Update to WibuKey 6.70, no CPTT update necessary

RTSA-CPLB-2024-1

Description: WIBU-94453: Denial of service and kernel memory corruption due to improper buffer bounds checks in WibuKey for Windows
Required action: Update to WibuKey 6.70, no CPLB update necessary

In 2022

RTSA-CPTT-2022-1

Description: Out of bounds memory access in CPLBOsStrlcpy() with debugging output. Fixed in CPLBOs.c, version 450, issue introduced in version 442
Required action: Update CPTT T.2.22.2

RTSA-CPLB-2022-2

Description: Out of bounds memory access in CPLBOsStrlcpy() with debugging output. Fixed in CPLBOs.c, version 450, issue introduced in version 442
Affected components: All CPLB products
Required action: Update to CPLB T.4.22.1

RTSA-CPLB-2022-1

Description: Array index out of bound access: On Win32, when enumating the loaded DLLs, when the number of loaded DLLs is >128.
Affected components: CPLB Shlib HwKey and SwKey.
Required action: Update to CPLB T.4.22.1

In 2020

RTSA-CPLB-2020-1

Description: Customer tested SIec103 and SDnp3Serial with Coverity Static Analysis, reported high severity issues are fixed.
Affected components: CPLBSIec103, CPLBSDnp3Serial, CPLBSDnp3Ip
Required action: Update to CPLB T.4.20.3

In 2019

RTSA-CPLB-2019-2

Description: Severe issue in SPA-Bus Frame Scanner fixed.
Affected components: CPLBMSpabus, CPLBSSpabus
Required action: Update to CPLB T.4.19.4

RTSA-CPLB-2019-1

Description: If tCPLBIec104LlObj::pTlsLocalHostCert is NULL or tCPLBIec104LlObj::pTlsLocalHostPubKey is NULL, different Mbed TLS Modules were not correctly initialized.
Affected components: CPLBMIec104, CPLBSIec104, CPLBMModbusTcp, CPLBSModbusTcp, CPLBMDnp3Ip, CPLBSDnp3Ip
Required action: Update to CPLB T.4.19.4

In 2018

RTSA-CPTT-2018-1

Description: CVE-2018-3989: WIBU-SYSTEMS WibuKey.sys kernel memory information disclosure vulnerability;
CVE-2018-3990: WIBU-SYSTEMS WibuKey.sys pool corruption privilege escalation vulnerability;
CVE-2018-3991: WIBU-SYSTEMS WibuKey network server management remote code execution vulnerability
Required action: Update to WibuKey 6.50, no CPTT update necessary

RTSA-CPLB-2018-4

Description: CVE-2018-3989: WIBU-SYSTEMS WibuKey.sys kernel memory information disclosure vulnerability;
CVE-2018-3990: WIBU-SYSTEMS WibuKey.sys pool corruption privilege escalation vulnerability;
CVE-2018-3991: WIBU-SYSTEMS WibuKey network server management remote code execution vulnerability
Required action: Update to WibuKey 6.50, no CPLB update necessary

RTSA-CPLB-2018-3

Description: Fixed: If station A sent k Frames and opposite station B acknowledge these Frames not after receiving w Frames but after timeout t2, then station A ignored this acknowledgement and closed the connection.
Affected components: CPLBMIec104, CPLBSIec104
Required action: Update to CPLB T.4.18.3

RTSA-CPLB-2018-2

Description: Fixed: Message with incorrect RSN executed.
Affected components: CPLBMIec104, CPLBSIec104
Required action: Update to CPLB T.4.18.3

RTSA-CPLB-2018-1

Description: Fixed: Out of bounds memory access when sending a Response to a commanding Request.
Affected components: CPLBSDnp3Serial, CPLBSDnp3Ip
Required action: Update to CPLB T.4.18.1