OpenSSL released a patch for high severity vulnerabilities – do operators and vendors of connected devices need to worry?


- Only 25% of devices run on a supported OpenSSL branch (1.1.1 or 3.0) – assuming that 38% of devices running OpenSSL 1.0.2 are not covered by extended LTS.
- The oldest OpenSSL version we observed was 0.9.2, which was released in 1999
- Less than 5% of devices use an OpenSSL version newer than one year (not considering backported patches)
- OpenWRT switched to OpenSSL 1.1.1q in its 22.03.0-rc6 release, which was published on August 2nd, 2022.
- Yocto recently switched from OpenSSL 1.1.1l to OpenSSL 3.0.2 in their 4.0 (kirkstone) release, which was published in April 2022.
- Android only includes OpenSSL bindings for Rust
Über Onekey
ONEKEY ist der führende europäische Spezialist für Product Cybersecurity & Compliance Management und Teil des Anlageportfolios von PricewaterhouseCoopers Deutschland (PwC). Die einzigartige Kombination der automatisierten ONEKEY Product Cybersecurity & Compliance Platform (OCP) mit Expertenwissen und Beratungsdiensten bietet schnelle und umfassende Analyse-, Support- und Verwaltungsfunktionen zur Verbesserung der Produktsicherheit und -konformität — vom Kauf über das Design, die Entwicklung, die Produktion bis hin zum Ende des Produktlebenszyklus.

KONTAKT:
Sara Fortmann
Senior Marketing Manager
sara.fortmann@onekey.com
euromarcom public relations GmbH
team@euromarcom.de
VERWANDTE FORSCHUNGSARTIKEL

Unblob 2024 Highlights: Sandboxing, Reporting, and Community Milestones
Explore the latest developments in Unblob, including enhanced sandboxing with Landlock, improved carving reporting, and χ² randomness analysis. Celebrate community contributions, academic research collaborations, and new format handlers, while looking forward to exciting updates in 2025.
%201.avif)
Critical Vulnerabilities in EV Charging Stations: Analysis of eCharge Controllers
Discover how severe security flaws, including unauthenticated remote command execution (CVE-2024-11665 & CVE-2024-11666), affect eCharge EV charging controllers. Learn about insecure firmware practices, cloud infrastructure issues, and actionable steps to mitigate risks in EV charging systems.
Bereit zur automatisierung ihrer Cybersicherheit & Compliance?
Machen Sie Cybersicherheit und Compliance mit ONEKEY effizient und effektiv.