Stack buffer overflow in CMS (Auth)EnvelopedData parsing

Summary

CVE: CVE-2025-15467
State: PUBLISHED
Assigner: openssl
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-01-27 16:16:14 UTC
Updated: 2026-06-30 03:16:46 UTC
Description:

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.

Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.

Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
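
The missing check described above, as an added C illustration (not OpenSSL's code and not part of this record): a minimal parser for DER-encoded GCMParameters (RFC 5084) that compares the nonce length with the destination buffer size before copying. `IV_BUF_LEN`, the function names, the return codes and the sample bytes are assumptions made for the example.

```c
/* Added illustration: bounds-checked extraction of the AEAD nonce from
 * DER-encoded GCMParameters (RFC 5084). This is not OpenSSL source code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_BUF_LEN 16   /* assumed size of the fixed destination buffer */

enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_BAD_IV_LEN = -2 };

/* Read one DER tag/length header; on success *pp points at the value. */
static int der_header(const uint8_t **pp, const uint8_t *end,
                      uint8_t want_tag, size_t *len)
{
    const uint8_t *p = *pp;
    if (end - p < 2 || p[0] != want_tag)
        return PARSE_MALFORMED;
    size_t l = p[1];
    p += 2;
    if (l & 0x80) {                    /* long form: next n bytes hold the length */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - p) < n)
            return PARSE_MALFORMED;    /* no indefinite form, at most 2 length bytes */
        l = 0;
        while (n--)
            l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l)
        return PARSE_MALFORMED;        /* value would run past the input */
    *pp = p;
    *len = l;
    return PARSE_OK;
}

/* GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
 *                              aes-ICVlen INTEGER DEFAULT 12 } */
int parse_gcm_iv(const uint8_t *der, size_t der_len,
                 uint8_t iv[IV_BUF_LEN], size_t *iv_len)
{
    const uint8_t *p = der, *end = der + der_len;
    size_t seq_len, nonce_len;
    int rc;

    if ((rc = der_header(&p, end, 0x30, &seq_len)) != PARSE_OK)
        return rc;
    end = p + seq_len;                 /* stay inside the SEQUENCE */
    if ((rc = der_header(&p, end, 0x04, &nonce_len)) != PARSE_OK)
        return rc;

    /* The check the description reports as missing: the length taken from
     * the message is compared with the destination size before any copy. */
    if (nonce_len == 0 || nonce_len > IV_BUF_LEN)
        return PARSE_BAD_IV_LEN;

    memcpy(iv, p, nonce_len);
    *iv_len = nonce_len;
    return PARSE_OK;
}

/* Constructed sample input: GCMParameters with a nonce of nonce_len bytes
 * (nonce_len <= 125 so both lengths fit the DER short form). */
size_t build_sample(uint8_t *out, size_t nonce_len)
{
    out[0] = 0x30; out[1] = (uint8_t)(nonce_len + 2);
    out[2] = 0x04; out[3] = (uint8_t)nonce_len;
    memset(out + 4, 0xA5, nonce_len);
    return nonce_len + 4;
}

int main(void)
{
    uint8_t msg[160], iv[IV_BUF_LEN];
    size_t iv_len = 0;
    size_t n = build_sample(msg, 12);
    printf("12-byte nonce -> %d\n", parse_gcm_iv(msg, n, iv, &iv_len));
    n = build_sample(msg, 64);
    printf("64-byte nonce -> %d\n", parse_gcm_iv(msg, n, iv, &iv_len));
    return 0;
}
```

The oversized nonce is rejected with an error code and the destination buffer is left untouched, which is the behaviour a parser needs before any key material or tag is involved.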

Risk And Classification

Primary CVSS: v3.1 8.8 HIGH from ADP

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types: CWE-787 Out-of-bounds Write | CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')


Version Source Type Score Severity Vector
3.1 ADP DECLARED 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1 ADP CVSS 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1 134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1 0b0ca135-0b70-47e7-9f44-1890c2a1c46c Secondary 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High


NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application Openssl Openssl All All All All

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA OpenSSL OpenSSL affected 3.6.0 3.6.1 semver Not specified
CNA OpenSSL OpenSSL affected 3.5.0 3.5.5 semver Not specified
CNA OpenSSL OpenSSL affected 3.4.0 3.4.4 semver Not specified
CNA OpenSSL OpenSSL affected 3.3.0 3.3.6 semver Not specified
CNA OpenSSL OpenSSL affected 3.0.0 3.0.19 semver Not specified
ADP Siemens AI Lightweight Inference Server affected * custom Not specified
ADP Siemens Connector For Azure affected V1.8.0 custom Not specified
ADP Siemens Databus affected V3.3.2 custom Not specified
ADP Siemens HiMed Cockpit affected * custom Not specified
ADP Siemens RUGGEDCOM RM1224 LTE4G EU affected * custom Not specified
ADP Siemens RUGGEDCOM RM1224 LTE4G NAM affected * custom Not specified
ADP Siemens SCALANCE LPE9403 affected * custom Not specified
ADP Siemens SCALANCE LPE9413 affected * custom Not specified
ADP Siemens SCALANCE LPE9433 affected * custom Not specified
ADP Siemens SCALANCE M804PB affected * custom Not specified
ADP Siemens SCALANCE M812-1 ADSL-Router Family affected * custom Not specified
ADP Siemens SCALANCE M816-1 ADSL-Router Family affected * custom Not specified
ADP Siemens SCALANCE M826-2 SHDSL-Router affected * custom Not specified
ADP Siemens SCALANCE M874-2 affected * custom Not specified
ADP Siemens SCALANCE M874-3 affected * custom Not specified
ADP Siemens SCALANCE M874-3 3G-Router CN affected * custom Not specified
ADP Siemens SCALANCE M876-3 affected * custom Not specified
ADP Siemens SCALANCE M876-3 ROK affected * custom Not specified
ADP Siemens SCALANCE M876-4 affected * custom Not specified
ADP Siemens SCALANCE M876-4 EU affected * custom Not specified
ADP Siemens SCALANCE M876-4 NAM affected * custom Not specified
ADP Siemens SCALANCE MUB852-1 A1 affected * custom Not specified
ADP Siemens SCALANCE MUB852-1 B1 affected * custom Not specified
ADP Siemens SCALANCE MUM853-1 A1 affected * custom Not specified
ADP Siemens SCALANCE MUM853-1 B1 affected * custom Not specified
ADP Siemens SCALANCE MUM853-1 EU affected * custom Not specified
ADP Siemens SCALANCE MUM856-1 A1 affected * custom Not specified
ADP Siemens SCALANCE MUM856-1 B1 affected * custom Not specified
ADP Siemens SCALANCE MUM856-1 CN affected * custom Not specified
ADP Siemens SCALANCE MUM856-1 EU affected * custom Not specified
ADP Siemens SCALANCE MUM856-1 RoW affected * custom Not specified
ADP Siemens SCALANCE S615 EEC LAN-Router affected * custom Not specified
ADP Siemens SCALANCE S615 LAN-Router affected * custom Not specified
ADP Siemens SCALANCE SC622-2C affected * custom Not specified
ADP Siemens SCALANCE SC626-2C affected * custom Not specified
ADP Siemens SCALANCE SC632-2C affected * custom Not specified
ADP Siemens SCALANCE SC636-2C affected * custom Not specified
ADP Siemens SCALANCE SC642-2C affected * custom Not specified
ADP Siemens SCALANCE SC646-2C affected * custom Not specified
ADP Siemens SCALANCE WAB762-1 affected * custom Not specified
ADP Siemens SCALANCE WAM763-1 affected * custom Not specified
ADP Siemens SCALANCE WAM763-1 ME affected * custom Not specified
ADP Siemens SCALANCE WAM763-1 US affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 ME affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 US affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 EEC affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 EEC ME affected * custom Not specified
ADP Siemens SCALANCE WAM766-1 EEC US affected * custom Not specified
ADP Siemens SCALANCE WUB762-1 affected * custom Not specified
ADP Siemens SCALANCE WUB762-1 IFeatures affected * custom Not specified
ADP Siemens SCALANCE WUM763-1 affected * custom Not specified
ADP Siemens SCALANCE WUM763-1 US affected * custom Not specified
ADP Siemens SCALANCE WUM766-1 affected * custom Not specified
ADP Siemens SCALANCE WUM766-1 ME affected * custom Not specified
ADP Siemens SCALANCE WUM766-1 USA affected * custom Not specified
ADP Siemens SCALANCE X200-4P IRT affected * custom Not specified
ADP Siemens SCALANCE X201-3P IRT affected * custom Not specified
ADP Siemens SCALANCE X201-3P IRT PRO affected * custom Not specified
ADP Siemens SCALANCE X202-2IRT affected * custom Not specified
ADP Siemens SCALANCE X202-2P IRT affected * custom Not specified
ADP Siemens SCALANCE X202-2P IRT PRO affected * custom Not specified
ADP Siemens SCALANCE X204-2 affected * custom Not specified
ADP Siemens SCALANCE X204-2FM affected * custom Not specified
ADP Siemens SCALANCE X204-2LD affected * custom Not specified
ADP Siemens SCALANCE X204-2LD TS affected * custom Not specified
ADP Siemens SCALANCE X204-2TS affected * custom Not specified
ADP Siemens SCALANCE X204IRT affected * custom Not specified
ADP Siemens SCALANCE X204IRT PRO affected * custom Not specified
ADP Siemens SCALANCE X204RNA HSR affected * custom Not specified
ADP Siemens SCALANCE X204RNA PRP affected * custom Not specified
ADP Siemens SCALANCE X204RNA EEC HSR affected * custom Not specified
ADP Siemens SCALANCE X204RNA EEC PRP affected * custom Not specified
ADP Siemens SCALANCE X204RNA EEC PRP/HSR affected * custom Not specified
ADP Siemens SCALANCE X206-1 affected * custom Not specified
ADP Siemens SCALANCE X206-1LD affected * custom Not specified
ADP Siemens SCALANCE X208 affected * custom Not specified
ADP Siemens SCALANCE X208PRO affected * custom Not specified
ADP Siemens SCALANCE X212-2 affected * custom Not specified
ADP Siemens SCALANCE X212-2LD affected * custom Not specified
ADP Siemens SCALANCE X216 affected * custom Not specified
ADP Siemens SCALANCE X224 affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 230V Coated affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 230V affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 24V Coated affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 24V affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 2x 230V Coated affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 2x 230V affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 2x 24V Coated affected * custom Not specified
ADP Siemens SCALANCE X302-7 EEC 2x 24V affected * custom Not specified
ADP Siemens SCALANCE X304-2FE affected * custom Not specified
ADP Siemens SCALANCE X306-1LD FE affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 230V Coated affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 230V affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 24V Coated affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 24V affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 2x 230V Coated affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 2x 230V affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 2x 24V Coated affected * custom Not specified
ADP Siemens SCALANCE X307-2 EEC 2x 24V affected * custom Not specified
ADP Siemens SCALANCE X307-3 affected * custom Not specified
ADP Siemens SCALANCE X307-3LD affected * custom Not specified
ADP Siemens SCALANCE X308-2 affected * custom Not specified
ADP Siemens SCALANCE X308-2LD affected * custom Not specified
ADP Siemens SCALANCE X308-2LH affected * custom Not specified
ADP Siemens SCALANCE X308-2M affected * custom Not specified
ADP Siemens SCALANCE X308-2M PoE affected * custom Not specified
ADP Siemens SCALANCE X308-2M TS affected * custom Not specified
ADP Siemens SCALANCE X310 affected * custom Not specified
ADP Siemens SCALANCE X310FE affected * custom Not specified
ADP Siemens SCALANCE X320-1 FE affected * custom Not specified
ADP Siemens SCALANCE X320-1-2LD FE affected * custom Not specified
ADP Siemens SCALANCE X408-2 affected * custom Not specified
ADP Siemens SCALANCE XC316-8 affected * custom Not specified
ADP Siemens SCALANCE XC324-4 affected * custom Not specified
ADP Siemens SCALANCE XC324-4 EEC affected * custom Not specified
ADP Siemens SCALANCE XC332 affected * custom Not specified
ADP Siemens SCALANCE XC416-8 affected * custom Not specified
ADP Siemens SCALANCE XC424-4 affected * custom Not specified
ADP Siemens SCALANCE XC432 affected * custom Not specified
ADP Siemens SCALANCE XF201-3P IRT affected * custom Not specified
ADP Siemens SCALANCE XF202-2P IRT affected * custom Not specified
ADP Siemens SCALANCE XF204 affected * custom Not specified
ADP Siemens SCALANCE XF204-2 affected * custom Not specified
ADP Siemens SCALANCE XF204-2BA IRT affected * custom Not specified
ADP Siemens SCALANCE XF204IRT affected * custom Not specified
ADP Siemens SCALANCE XF206-1 affected * custom Not specified
ADP Siemens SCALANCE XF208 affected * custom Not specified
ADP Siemens SCALANCE XR302-32 affected * custom Not specified
ADP Siemens SCALANCE XR322-12 affected * custom Not specified
ADP Siemens SCALANCE XR324-12M 230V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-12M 230V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-12M 24V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-12M 24V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-12M TS 24V affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 24V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 24V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 2x 24V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M EEC 2x 24V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M PoE 230V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M PoE 230V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M PoE 24V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR324-4M PoE 24V Ports On Rear affected * custom Not specified
ADP Siemens SCALANCE XR324-4M PoE TS 24V Ports On Front affected * custom Not specified
ADP Siemens SCALANCE XR326-8 affected * custom Not specified
ADP Siemens SCALANCE XR326-8 EEC affected * custom Not specified
ADP Siemens SCALANCE XR502-32 affected * custom Not specified
ADP Siemens SCALANCE XR522-12 affected * custom Not specified
ADP Siemens SCALANCE XR524-8WG affected * custom Not specified
ADP Siemens SCALANCE XR526-8 affected * custom Not specified
ADP Siemens Shopfloor IT Suite affected * custom Not specified
ADP Siemens SIDIS Prime affected V4.0.700 * custom Not specified
ADP Siemens Siemens OPC UA Modelling Editor SiOME affected * custom Not specified
ADP Siemens SIMATIC Comfort/Mobile RT affected * custom Not specified
ADP Siemens SIMATIC EaSie Core Package affected * custom Not specified
ADP Siemens SIMATIC EaSie PCS 7 Skill Package affected * custom Not specified
ADP Siemens SIMATIC HMI Basic Panels affected V17.9 custom Not specified
ADP Siemens SIMATIC HMI Comfort Panels affected V17.9 custom Not specified
ADP Siemens SIMATIC HMI Mobile Panels affected V17 Update 9 custom Not specified
ADP Siemens SIMATIC IOT2050 affected * custom Not specified
ADP Siemens SIMATIC IPC BX-21A affected * custom Not specified
ADP Siemens SIMATIC IPC MD-57A affected * custom Not specified
ADP Siemens SIMATIC IPC ORCLA affected * custom Not specified
ADP Siemens SIMATIC MV530 H affected * custom Not specified
ADP Siemens SIMATIC MV530 S affected * custom Not specified
ADP Siemens SIMATIC MV540 H affected * custom Not specified
ADP Siemens SIMATIC MV540 H CRANES affected * custom Not specified
ADP Siemens SIMATIC MV540 S affected * custom Not specified
ADP Siemens SIMATIC MV550 H affected * custom Not specified
ADP Siemens SIMATIC MV550 S affected * custom Not specified
ADP Siemens SIMATIC MV560 U affected * custom Not specified
ADP Siemens SIMATIC MV560 X affected * custom Not specified
ADP Siemens SIMATIC PDM V9.3 affected * custom Not specified
ADP Siemens SIMATIC RTLS Locating Manager affected * custom Not specified
ADP Siemens SIMATIC STEP 7 V5 affected V5.7 SP4 custom Not specified
ADP Siemens SIMATIC Target affected * custom Not specified
ADP Siemens SIMATIC WinCC OA V3.19 affected V3.19 P024 custom Not specified
ADP Siemens SIMATIC WinCC OA V3.20 affected V3.20 P012 custom Not specified
ADP Siemens SIMATIC WinCC OA V3.21 affected V3.21 P02 custom Not specified
ADP Siemens SIMATIC WinCC Runtime Advanced V17 affected V17 Update 9 custom Not specified
ADP Siemens SIMATIC WinCC Unified Sequence affected V21 custom Not specified
ADP Siemens SIMATIC WinCC V7.5 affected * custom Not specified
ADP Siemens SIMATIC WinCC V8.0 affected * custom Not specified
ADP Siemens SIMATIC WinCC V8.1 affected * custom Not specified
ADP Siemens SIMOTION OACAMGEN affected * custom Not specified
ADP Siemens SIMOVE Fleetmanager V3.1 affected * custom Not specified
ADP Siemens SIMOVE Fleetmanager V3.2 affected * custom Not specified
ADP Siemens SIMOVE Fleetmanager V3.3 affected * custom Not specified
ADP Siemens SINAMICS G200 affected V6.3 * custom Not specified
ADP Siemens SINAMICS G220 affected V6.3 * custom Not specified
ADP Siemens SINAMICS S200 affected V6.3 * custom Not specified
ADP Siemens SINAMICS S210 affected V6.3 * custom Not specified
ADP Siemens SINAMICS S220 affected V6.3 * custom Not specified
ADP Siemens SINEC INS affected V1.0 SP2 Update 5 custom Not specified
ADP Siemens SINEC NMS affected * custom Not specified
ADP Siemens SINEC Security Monitor affected * custom Not specified
ADP Siemens SINUMERIK Access MyMachine /OPC UA affected * custom Not specified
ADP Siemens SIPLANT affected * custom Not specified
ADP Siemens SIPLUS NET SCALANCE X202-2P IRT affected * custom Not specified
ADP Siemens SIPLUS NET SCALANCE X308-2 affected * custom Not specified
ADP Siemens SITRANS ASM IQ affected * custom Not specified
ADP Siemens SITRANS Soft Sensor Engine IQ SITRANS SSE IQ affected * custom Not specified
ADP Siemens User Management Component UMC affected V2.15.3.0 custom Not specified
ADP Siemens Visual Inspection Cockpit affected * custom Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.13 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.14 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.15 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.16 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.17 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.18 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.19 Not specified Not specified
ADP Red Hat Red Hat OpenShift Container Platform 4.20 Not specified Not specified
ADP Red Hat Red Hat Service Interconnect 1 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V. 10.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux AppStream V. 9 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V. 10.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS V. 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.9.0 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS E4S V.9.2 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V.9.4 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS EUS V.9.6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux BaseOS V. 9 Not specified Not specified
ADP Red Hat Cost Management 4 Not specified Not specified
ADP Red Hat Red Hat AI Inference Server 3.2 Not specified Not specified
ADP Red Hat Red Hat Discovery 2 Not specified Not specified
ADP Red Hat Red Hat Hardened Images Not specified Not specified
ADP Red Hat Red Hat Insights Proxy 1.5 Not specified Not specified
ADP Red Hat Red Hat JBoss Core Services 2.4.62.SP3 Not specified Not specified
ADP Red Hat Red Hat OpenShift Dev Spaces RHOSDS 3.26 Not specified Not specified
ADP Red Hat Red Hat Update Infrastructure 5 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 10 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 6 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 7 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 8 Not specified Not specified
ADP Red Hat Red Hat Enterprise Linux 9 Not specified Not specified

References

Reference Source Link Tags
bugzilla.redhat.com/show_bug.cgi 0b0ca135-0b70-47e7-9f44-1890c2a1c46c bugzilla.redhat.com
access.redhat.com/errata/RHSA-2026:3462 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2077 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:7261 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1473 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2844 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1594 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/guiimoraes/CVE-2025-15467 134c704f-9b21-4f2e-91b3-4a467353bcc0 github.com Exploit, Third Party Advisory
access.redhat.com/errata/RHSA-2026:2671 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:4419 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json 0b0ca135-0b70-47e7-9f44-1890c2a1c46c security.access.redhat.com
access.redhat.com/errata/RHSA-2026:4943 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2995 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 [email protected] github.com Patch
access.redhat.com/errata/RHSA-2026:6481 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e [email protected] github.com Patch
access.redhat.com/errata/RHSA-2026:3415 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1733 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1496 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9 [email protected] github.com Patch
access.redhat.com/errata/RHSA-2026:1519 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2974 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2563 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
cert-portal.siemens.com/productcert/html/ssa-434797.html 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e cert-portal.siemens.com
openssl-library.org/news/secadv/20260127.txt [email protected] openssl-library.org Vendor Advisory
access.redhat.com/errata/RHSA-2026:2659 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2485 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1736 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3228 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:2633 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/security/cve/CVE-2025-15467 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc [email protected] github.com Patch
www.openwall.com/lists/oss-security/2026/01/27/10 af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List
www.openwall.com/lists/oss-security/2026/02/25/6 af854a3a-2127-422b-91ae-364da2661108 www.openwall.com Mailing List
access.redhat.com/errata/RHSA-2026:1472 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:1503 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 [email protected] github.com Patch
access.redhat.com/errata/RHSA-2026:2072 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
access.redhat.com/errata/RHSA-2026:3461 0b0ca135-0b70-47e7-9f44-1890c2a1c46c access.redhat.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Stanislav Fort (Aisle Research) (en)

CNA: Igor Ustinov (en)

Additional Advisory Data

Source Time Event
ADP 2026-01-16T14:21:50.710Z Reported to Red Hat.
ADP 2026-01-27T14:00:00.000Z Made public.

Solutions

ADP: RHSA-2026:3415: Red Hat OpenShift Container Platform 4.13

ADP: RHSA-2026:2974: Red Hat OpenShift Container Platform 4.14

ADP: RHSA-2026:4419: Red Hat OpenShift Container Platform 4.15

ADP: RHSA-2026:2659: Red Hat OpenShift Container Platform 4.16

ADP: RHSA-2026:2671: Red Hat OpenShift Container Platform 4.17

ADP: RHSA-2026:2072: Red Hat OpenShift Container Platform 4.18

ADP: RHSA-2026:2633: Red Hat OpenShift Container Platform 4.19

ADP: RHSA-2026:2077: Red Hat OpenShift Container Platform 4.20

ADP: RHSA-2026:6481: Red Hat Service Interconnect 1

ADP: RHSA-2026:1496: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)

ADP: RHSA-2026:1472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)

ADP: RHSA-2026:1733: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)

ADP: RHSA-2026:1594: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)

ADP: RHSA-2026:1519: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)

ADP: RHSA-2026:1503: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)

ADP: RHSA-2026:1473: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)

ADP: RHSA-2026:3228: Cost Management 4

ADP: RHSA-2026:3461: Red Hat AI Inference Server 3.2

ADP: RHSA-2026:3462: Red Hat AI Inference Server 3.2

ADP: RHSA-2026:1736: Red Hat Discovery 2

ADP: RHSA-2026:7261: Red Hat Hardened Images

ADP: RHSA-2026:2485: Red Hat Insights proxy 1.5

ADP: RHSA-2026:2995: Red Hat JBoss Core Services 2.4.62.SP3

ADP: RHSA-2026:2844: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26

ADP: RHSA-2026:4943: Red Hat Update Infrastructure 5

ADP: RHSA-2026:2563: Red Hat Update Infrastructure 5

Workarounds

ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
