Details
- Fix
- Status: Released
- Minor
- Resolution: Fixed
- 2.5.9, 2.6.6
- None
- None
- CVE-2024-29857, CVE-2024-30171, CVE-2024-30172
Description
Current Situation
- JS7 Controller, Agent and JOC ship with Bouncy Castle bcprov-jdk15to18 version 1.75.
- The following vulnerabilities affect this version:
- CVE-2024-29857
- disclosed, public description not available yet
- https://www.cve.org/CVERecord?id=CVE-2024-29857
- https://nvd.nist.gov/vuln/detail/CVE-2024-30371
- https://nvd.nist.gov/vuln/detail/CVE-2024-30672
- CVE-2024-29857
Impact
- We rate the impact on our software as low because:
- CVE-2024-30171 affects only PDF reader implementations, which we do not use.
- CVE-2024-30172 affects only ROS (Robot Operating System) and is already disputed by multiple vendors; the rating process at NVD is ongoing.
- CVE-2024-29857: we can't rate this issue, as a public description of the vulnerability is not available yet.
Desired Behavior
- JS7 Controller, Agent and JOC should ship with the latest version 1.78.1, which resolves the vulnerability issues.
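To confirm which bcprov-jdk15to18 version an installation actually ships, the following added example (not part of the original ticket or of JS7) scans a directory tree and reports every copy older than 1.78.1. The installation root is passed by the operator, and reading the version from the `Implementation-Version` or `Bundle-Version` manifest attribute before falling back to the file name is an assumption about how the jar is packaged.

```python
import re
import sys
import zipfile
from pathlib import Path

JAR_RE = re.compile(r"bcprov-jdk15to18-(\d+(?:\.\d+)*)\.jar$")
# Assumption: the jar manifest carries one of these two attributes.
MANIFEST_RE = re.compile(r"^(?:Implementation|Bundle)-Version:\s*(\d+(?:\.\d+)*)", re.M)

def parse_version(text):
    """'1.78.1.0' -> (1, 78, 1); trailing zeros are dropped so 1.78.0 == 1.78."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

FIXED = parse_version("1.78.1")  # target version named in the ticket

def jar_version(path):
    """Prefer the version in the manifest; fall back to the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        match = MANIFEST_RE.search(manifest)
        if match:
            return parse_version(match.group(1))
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # unreadable jar or no manifest: use the file name instead
    match = JAR_RE.search(Path(path).name)
    return parse_version(match.group(1)) if match else None

def find_outdated(root, fixed=FIXED):
    """Return (path, version) for each bcprov jar below `fixed`.
    A jar whose version cannot be determined is reported with version None."""
    outdated = []
    for jar in sorted(Path(root).rglob("bcprov-jdk15to18*.jar")):
        version = jar_version(jar)
        if version is None or version < fixed:
            outdated.append((str(jar), version))
    return outdated

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_bcprov.py <installation-root>")
    findings = find_outdated(sys.argv[1])
    for path, version in findings:
        shown = ".".join(map(str, version)) if version else "unknown"
        print(f"OUTDATED {shown} {path}")
    sys.exit(1 if findings else 0)
```

Run it against each Controller, Agent and JOC installation directory; a non-zero exit status means at least one copy still needs the upgrade.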