{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "tracking": { "generator": { "date": "2026-06-09T07:33:02.783Z", "engine": { "version": "2.5.20", "name": "Secvisogram" } }, "id": "OSA-20", "status": "final", "version": "1.0.0", "initial_release_date": "2026-06-13T10:00:00.000Z", "current_release_date": "2026-06-13T10:00:00.000Z", "revision_history": [ { "number": "1.0.0", "date": "2026-06-13T10:00:00.000Z", "summary": "Initial publication" } ] }, "lang": "en-US", "title": "3rd Party vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions", "distribution": { "text": "Public", "tlp": { "label": "WHITE" } }, "notes": [ { "category": "summary", "title": "Summary", "text": "3rd Party Vulnerabilities in image versions before 2.73.0015 affecting CMS 356, CMC 256plus, CMC 310, CMC 353, CMC 356, CMC 430, CMC 500, CMC 850, ARCO 400." }, { "category": "details", "title": "Mitigation", "text": "OMICRON has released new software versions for CMS 356, CMC 256plus, CMC 310, CMC 353, CMC 356, CMC 430, CMC 500, CMC 850, ARCO 400 which fix the vulnerabilities mentioned in this document." }, { "category": "general", "text": "OMICRON is an international company serving the electrical power industry with innovative testing, diagnostic and cybersecurity solutions. The application of OMICRON products allows users to assess and monitor the condition of assets in their electrical energy systems with complete confidence. Services offered in the area of consulting, commissioning, testing, diagnosis and training make the product range complete. Customers in more than 160 countries rely on the company\u2019s ability to supply leading edge technology of excellent quality. Service centers on all continents provide a broad base of knowledge and extraordinary customer support. All of this together with our strong network of sales partners is what has made our company a market leader in the electrical power industry.", "title": "About OMICRON electronics" }, { "title": "Simplified affected products list included for external usage", "category": "other", "text": "CMS 356@https://www.omicronenergy.com/en/products/cms-356/; CMC 256plus@https://www.omicronenergy.com/en/products/cmc-256plus/; CMC 310@https://www.omicronenergy.com/en/products/cmc-310/; CMC 353@https://www.omicronenergy.com/en/products/cmc-353/; CMC 356@https://www.omicronenergy.com/en/products/cmc-356/; CMC 430@https://www.omicronenergy.com/en/products/cmc-430/; CMC 500@https://www.omicronenergy.com/en/products/cmc-500/; CMC 850@https://www.omicronenergy.com/en/products/cmc-850/; ARCO 400@https://www.omicronenergy.com/en/products/arco-400/" } ], "publisher": { "category": "vendor", "contact_details": "product.security@omicronenergy.com", "name": "OMICRON Product Security Team", "namespace": "https://www.omicronenergy.com/security/" }, "references": [ { "category": "self", "summary": "OSA-20 3rd Party vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions - PDF File", "url": "https://www.omicronenergy.com/.well-known/csaf/osa-20.pdf" }, { "category": "self", "summary": "OSA-20 3rd Party vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions - TXT File", "url": "https://www.omicronenergy.com/.well-known/csaf/osa-20.txt" }, { "category": "self", "summary": "OSA-20 3rd Party vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions - CSAF File", "url": "https://www.omicronenergy.com/.well-known/csaf/osa-20.json" }, { "summary": "CMS 356 Product Page", "url": "https://www.omicronenergy.com/en/products/cms-356/" }, { "summary": "CMC 256plus Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-256plus/" }, { "summary": "CMC 310 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-310/" }, { "summary": "CMC 353 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-353/" }, { "summary": "CMC 356 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-356/" }, { "summary": "CMC 430 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-430/" }, { "summary": "CMC 500 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-500/" }, { "summary": "CMC 850 Product Page", "url": "https://www.omicronenergy.com/en/products/cmc-850/" }, { "summary": "ARCO 400 Product Page", "url": "https://www.omicronenergy.com/en/products/arco-400/" } ] }, "product_tree": { "branches": [ { "category": "vendor", "name": "OMICRON electronics", "branches": [ { "name": "CM-Line Devices", "category": "product_family", "branches": [ { "category": "product_name", "name": "CMC 256plus", "product": { "name": "CMC 256plus", "product_id": "CMC256plus" } }, { "category": "product_name", "name": "CMC 310", "product": { "name": "CMC 310", "product_id": "CMC310" } }, { "category": "product_name", "name": "CMC 353", "product": { "name": "CMC 353", "product_id": "CMC353" } }, { "category": "product_name", "name": "CMC 356", "product": { "name": "CMC 356", "product_id": "CMC356" } }, { "category": "product_name", "name": "CMC 430", "product": { "name": "CMC 430", "product_id": "CMC430" } }, { "category": "product_name", "name": "CMC 500", "product": { "name": "CMC 500", "product_id": "CMC500" } }, { "category": "product_name", "name": "CMC 850", "product": { "name": "CMC 850", "product_id": "CMC850" } } ] }, { "category": "product_name", "name": "CMS 356", "product": { "name": "CMS 356", "product_id": "CMS356" } }, { "category": "product_name", "name": "ARCO 400", "product": { "name": "ARCO 400", "product_id": "ARCO400" } }, { "category": "product_name", "name": "Device Firmware", "branches": [ { "category": "product_version_range", "name": "< 2.73.0015", "product": { "name": "CM Line Image before 2.73", "product_id": "DeviceImage_before_2.73" } }, { "category": "product_version", "name": "2.73.0015", "product": { "name": "CM Line Image 2.73", "product_id": "DeviceImage_2.73" } } ] } ] } ], "relationships": [ { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMS356", "full_product_name": { "name": "CMS 356 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMS356" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC256plus", "full_product_name": { "name": "CMC 256plus with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC256plus" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC310", "full_product_name": { "name": "CMC 310 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC310" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC353", "full_product_name": { "name": "CMC 353 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC353" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC356", "full_product_name": { "name": "CMC 356 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC356" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC430", "full_product_name": { "name": "CMC 430 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC430" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC500", "full_product_name": { "name": "CMC 500 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC500" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "CMC850", "full_product_name": { "name": "CMC 850 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_CMC850" } }, { "category": "installed_on", "product_reference": "DeviceImage_before_2.73", "relates_to_product_reference": "ARCO400", "full_product_name": { "name": "ARCO 400 with images before version 2.73.0015", "product_id": "DeviceImage_before_2.73_on_ARCO400" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMS356", "full_product_name": { "name": "CMS 356 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMS356" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC256plus", "full_product_name": { "name": "CMC 256plus with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC256plus" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC310", "full_product_name": { "name": "CMC 310 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC310" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC353", "full_product_name": { "name": "CMC 353 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC353" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC356", "full_product_name": { "name": "CMC 356 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC356" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC430", "full_product_name": { "name": "CMC 430 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC430" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC500", "full_product_name": { "name": "CMC 500 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC500" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "CMC850", "full_product_name": { "name": "CMC 850 with Image v2.73", "product_id": "DeviceImage_2.73_on_CMC850" } }, { "category": "installed_on", "product_reference": "DeviceImage_2.73", "relates_to_product_reference": "ARCO400", "full_product_name": { "name": "ARCO 400 with Image v2.73", "product_id": "DeviceImage_2.73_on_ARCO400" } } ] }, "vulnerabilities": [ { "cve": "CVE-2025-68468", "title": "Avahi has a reachable assertion in lookup_multicast_callback", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they expire avahi-daemon crashes.\n\n", "title": "Summary" }, { "title": "Component", "text": "Avahi", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "references": [ { "category": "external", "summary": "CVE-2025-68468", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68468" } ], "scores": [ { "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM" }, "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] } ] }, { "cve": "CVE-2025-68471", "title": "Avahi has a reachable assertion in lookup_start", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "summary", "text": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.", "title": "Summary" }, { "title": "Component", "text": "Avahi", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "references": [ { "category": "external", "url": "https://www.cve.org/CVERecord?id=CVE-2025-68471", "summary": "CVE-2025-68471" } ], "scores": [ { "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM" }, "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] } ] }, { "cve": "CVE-2025-59375", "title": "Dynamic memory allocations when parsing a malicious file via libexpat", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "title": "Summary" }, { "title": "Component", "text": "Libexpat", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "references": [ { "category": "external", "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375", "summary": "CVE-2025-59375" } ], "scores": [ { "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "exploitCodeMaturity": "HIGH", "remediationLevel": "TEMPORARY_FIX", "reportConfidence": "CONFIRMED", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C", "baseScore": 7.5, "baseSeverity": "HIGH", "temporalScore": 7.2, "temporalSeverity": "HIGH", "environmentalScore": 7.2, "environmentalSeverity": "HIGH" }, "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] } ] }, { "cve": "CVE-2026-0990", "title": "Denial of service via uncontrolled recursion in xml catalog processing", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "summary", "text": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "title": "Summary" }, { "title": "Component", "text": "Libxml2", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "scores": [ { "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ], "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM", "temporalScore": 5.9, "temporalSeverity": "MEDIUM", "environmentalScore": 5.9, "environmentalSeverity": "MEDIUM" } } ], "references": [ { "category": "external", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0990", "summary": "CVE-2026-0990" } ] }, { "cve": "CVE-2025-6021", "title": "Integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "title": "Summary" }, { "title": "Component", "text": "Libxml2", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "scores": [ { "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ], "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "temporalScore": 7.5, "temporalSeverity": "HIGH", "environmentalScore": 7.5, "environmentalSeverity": "HIGH" } } ], "references": [ { "category": "external", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021", "summary": "CVE-2025-6021" } ] }, { "cve": "CVE-2025-11731", "title": "Type confusion in exsltfuncresultcompfunction of libxslt", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "summary", "text": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "title": "Summary" }, { "title": "Component", "text": "Libxslt", "category": "description" } ], "product_status": { "first_fixed": [ "DeviceImage_2.73_on_CMS356", "DeviceImage_2.73_on_CMC256plus", "DeviceImage_2.73_on_CMC310", "DeviceImage_2.73_on_CMC353", "DeviceImage_2.73_on_CMC356", "DeviceImage_2.73_on_CMC430", "DeviceImage_2.73_on_CMC500", "DeviceImage_2.73_on_CMC850", "DeviceImage_2.73_on_ARCO400" ], "known_affected": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ] }, "scores": [ { "products": [ "DeviceImage_before_2.73_on_CMS356", "DeviceImage_before_2.73_on_CMC256plus", "DeviceImage_before_2.73_on_CMC310", "DeviceImage_before_2.73_on_CMC353", "DeviceImage_before_2.73_on_CMC356", "DeviceImage_before_2.73_on_CMC430", "DeviceImage_before_2.73_on_CMC500", "DeviceImage_before_2.73_on_CMC850", "DeviceImage_before_2.73_on_ARCO400" ], "cvss_v3": { "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 3.1, "baseSeverity": "LOW", "temporalScore": 3.1, "temporalSeverity": "LOW", "environmentalScore": 3.1, "environmentalSeverity": "LOW" } } ], "references": [ { "category": "external", "url": "https://www.cve.org/CVERecord?id=CVE-2025-11731", "summary": "CVE-2025-11731" } ] } ] }