Stack buffer overflow in CMS (Auth)EnvelopedData parsing
Summary
| CVE | CVE-2025-15467 |
|---|---|
| State | PUBLISHED |
| Assigner | openssl |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-01-27 16:16:14 UTC |
| Updated | 2026-06-30 03:16:46 UTC |
| Description | Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. |
Risk And Classification
Primary CVSS: v3.1 8.8 HIGH from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types: CWE-787 Out-of-bounds Write | CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | ADP | CVSS | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | OpenSSL | OpenSSL | affected 3.6.0 3.6.1 semver | Not specified |
| CNA | OpenSSL | OpenSSL | affected 3.5.0 3.5.5 semver | Not specified |
| CNA | OpenSSL | OpenSSL | affected 3.4.0 3.4.4 semver | Not specified |
| CNA | OpenSSL | OpenSSL | affected 3.3.0 3.3.6 semver | Not specified |
| CNA | OpenSSL | OpenSSL | affected 3.0.0 3.0.19 semver | Not specified |
| ADP | Siemens | AI Lightweight Inference Server | affected * custom | Not specified |
| ADP | Siemens | Connector For Azure | affected V1.8.0 custom | Not specified |
| ADP | Siemens | Databus | affected V3.3.2 custom | Not specified |
| ADP | Siemens | HiMed Cockpit | affected * custom | Not specified |
| ADP | Siemens | RUGGEDCOM RM1224 LTE4G EU | affected * custom | Not specified |
| ADP | Siemens | RUGGEDCOM RM1224 LTE4G NAM | affected * custom | Not specified |
| ADP | Siemens | SCALANCE LPE9403 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE LPE9413 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE LPE9433 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M804PB | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M812-1 ADSL-Router Family | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M816-1 ADSL-Router Family | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M826-2 SHDSL-Router | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M874-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M874-3 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M874-3 3G-Router CN | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M876-3 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M876-3 ROK | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M876-4 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M876-4 EU | affected * custom | Not specified |
| ADP | Siemens | SCALANCE M876-4 NAM | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUB852-1 A1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUB852-1 B1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM853-1 A1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM853-1 B1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM853-1 EU | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM856-1 A1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM856-1 B1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM856-1 CN | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM856-1 EU | affected * custom | Not specified |
| ADP | Siemens | SCALANCE MUM856-1 RoW | affected * custom | Not specified |
| ADP | Siemens | SCALANCE S615 EEC LAN-Router | affected * custom | Not specified |
| ADP | Siemens | SCALANCE S615 LAN-Router | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC622-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC626-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC632-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC636-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC642-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE SC646-2C | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAB762-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM763-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM763-1 ME | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM763-1 US | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 ME | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 US | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 EEC | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 EEC ME | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WAM766-1 EEC US | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUB762-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUB762-1 IFeatures | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 US | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM763-1 US | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM766-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM766-1 ME | affected * custom | Not specified |
| ADP | Siemens | SCALANCE WUM766-1 USA | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X200-4P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X200-4P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X201-3P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X201-3P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X201-3P IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X201-3P IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2P IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X202-2P IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204-2FM | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204-2LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204-2LD TS | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204-2TS | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204IRT PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA HSR | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA PRP | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC HSR | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC PRP | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X204RNA EEC PRP/HSR | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X206-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X206-1LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X208 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X208PRO | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X212-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X212-2LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X216 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X224 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 230V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 230V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 24V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 2x 230V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 2x 230V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 2x 24V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X302-7 EEC 2x 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X304-2FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X306-1LD FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 230V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 230V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 24V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 2x 230V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 2x 230V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 2x 24V Coated | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-2 EEC 2x 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-3 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-3 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-3LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X307-3LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LD | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LH | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LH | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LH | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2LH | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M PoE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M PoE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M TS | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X308-2M TS | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X310 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X310 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X310FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X310FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X320-1 FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X320-1-2LD FE | affected * custom | Not specified |
| ADP | Siemens | SCALANCE X408-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC316-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC324-4 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC324-4 EEC | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC332 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC416-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC424-4 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XC432 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF201-3P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF202-2P IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF204 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF204-2 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF204-2BA IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF204IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF204IRT | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF206-1 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XF208 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR302-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR302-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR302-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR322-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR322-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR322-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 230V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 230V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 230V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 230V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M TS 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-12M TS 24V | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 100-240VAC/60-250VDC Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 100-240VAC/60-250VDC Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M EEC 2x 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 230V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 230V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 230V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 230V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE 24V Ports On Rear | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE TS 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR324-4M PoE TS 24V Ports On Front | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR326-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR326-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR326-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR326-8 EEC | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR502-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR502-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR502-32 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR522-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR522-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR522-12 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR524-8WG | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR524-8WG | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR524-8WG | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR524-8WG | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR526-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR526-8 | affected * custom | Not specified |
| ADP | Siemens | SCALANCE XR526-8 | affected * custom | Not specified |
| ADP | Siemens | Shopfloor IT Suite | affected * custom | Not specified |
| ADP | Siemens | SIDIS Prime | affected V4.0.700 * custom | Not specified |
| ADP | Siemens | Siemens OPC UA Modelling Editor SiOME | affected * custom | Not specified |
| ADP | Siemens | SIMATIC Comfort/Mobile RT | affected * custom | Not specified |
| ADP | Siemens | SIMATIC EaSie Core Package | affected * custom | Not specified |
| ADP | Siemens | SIMATIC EaSie PCS 7 Skill Package | affected * custom | Not specified |
| ADP | Siemens | SIMATIC HMI Basic Panels | affected V17.9 custom | Not specified |
| ADP | Siemens | SIMATIC HMI Comfort Panels | affected V17.9 custom | Not specified |
| ADP | Siemens | SIMATIC HMI Mobile Panels | affected V17 Update 9 custom | Not specified |
| ADP | Siemens | SIMATIC IOT2050 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC IPC BX-21A | affected * custom | Not specified |
| ADP | Siemens | SIMATIC IPC MD-57A | affected * custom | Not specified |
| ADP | Siemens | SIMATIC IPC ORCLA | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV530 H | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV530 S | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV540 H | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV540 H CRANES | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV540 S | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV550 H | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV550 S | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV560 U | affected * custom | Not specified |
| ADP | Siemens | SIMATIC MV560 X | affected * custom | Not specified |
| ADP | Siemens | SIMATIC PDM V9.3 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC RTLS Locating Manager | affected * custom | Not specified |
| ADP | Siemens | SIMATIC STEP 7 V5 | affected V5.7 SP4 custom | Not specified |
| ADP | Siemens | SIMATIC Target | affected * custom | Not specified |
| ADP | Siemens | SIMATIC WinCC OA V3.19 | affected V3.19 P024 custom | Not specified |
| ADP | Siemens | SIMATIC WinCC OA V3.20 | affected V3.20 P012 custom | Not specified |
| ADP | Siemens | SIMATIC WinCC OA V3.21 | affected V3.21 P02 custom | Not specified |
| ADP | Siemens | SIMATIC WinCC Runtime Advanced V17 | affected V17 Update 9 custom | Not specified |
| ADP | Siemens | SIMATIC WinCC Unified Sequence | affected V21 custom | Not specified |
| ADP | Siemens | SIMATIC WinCC V7.5 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC WinCC V8.0 | affected * custom | Not specified |
| ADP | Siemens | SIMATIC WinCC V8.1 | affected * custom | Not specified |
| ADP | Siemens | SIMOTION OACAMGEN | affected * custom | Not specified |
| ADP | Siemens | SIMOVE Fleetmanager V3.1 | affected * custom | Not specified |
| ADP | Siemens | SIMOVE Fleetmanager V3.2 | affected * custom | Not specified |
| ADP | Siemens | SIMOVE Fleetmanager V3.3 | affected * custom | Not specified |
| ADP | Siemens | SINAMICS G200 | affected V6.3 * custom | Not specified |
| ADP | Siemens | SINAMICS G220 | affected V6.3 * custom | Not specified |
| ADP | Siemens | SINAMICS S200 | affected V6.3 * custom | Not specified |
| ADP | Siemens | SINAMICS S210 | affected V6.3 * custom | Not specified |
| ADP | Siemens | SINAMICS S220 | affected V6.3 * custom | Not specified |
| ADP | Siemens | SINEC INS | affected V1.0 SP2 Update 5 custom | Not specified |
| ADP | Siemens | SINEC NMS | affected * custom | Not specified |
| ADP | Siemens | SINEC Security Monitor | affected * custom | Not specified |
| ADP | Siemens | SINUMERIK Access MyMachine /OPC UA | affected * custom | Not specified |
| ADP | Siemens | SIPLANT | affected * custom | Not specified |
| ADP | Siemens | SIPLUS NET SCALANCE X202-2P IRT | affected * custom | Not specified |
| ADP | Siemens | SIPLUS NET SCALANCE X308-2 | affected * custom | Not specified |
| ADP | Siemens | SITRANS ASM IQ | affected * custom | Not specified |
| ADP | Siemens | SITRANS Soft Sensor Engine IQ SITRANS SSE IQ | affected * custom | Not specified |
| ADP | Siemens | User Management Component UMC | affected V2.15.3.0 custom | Not specified |
| ADP | Siemens | Visual Inspection Cockpit | affected * custom | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.13 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.14 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.15 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.16 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.17 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.18 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.19 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.20 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Service Interconnect 1 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 9 | Not specified | Not specified |
| ADP | Red Hat | Cost Management 4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat AI Inference Server 3.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Discovery 2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Hardened Images | Not specified | Not specified |
| ADP | Red Hat | Red Hat Insights Proxy 1.5 | Not specified | Not specified |
| ADP | Red Hat | Red Hat JBoss Core Services 2.4.62.SP3 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Dev Spaces RHOSDS 3.26 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Update Infrastructure 5 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| access.redhat.com/errata/RHSA-2026:3462 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2077 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:7261 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1473 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2844 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1594 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/guiimoraes/CVE-2025-15467 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | Exploit, Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:2671 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:4419 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15467.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:4943 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2995 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:6481 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:3415 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1733 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1496 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9 | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:1519 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2974 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2563 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| cert-portal.siemens.com/productcert/html/ssa-434797.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| openssl-library.org/news/secadv/20260127.txt | [email protected] | openssl-library.org | Vendor Advisory |
| access.redhat.com/errata/RHSA-2026:2659 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2485 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1736 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:3228 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:2633 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2025-15467 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc | [email protected] | github.com | Patch |
| www.openwall.com/lists/oss-security/2026/01/27/10 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/02/25/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:1472 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:1503 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 | [email protected] | github.com | Patch |
| access.redhat.com/errata/RHSA-2026:2072 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| access.redhat.com/errata/RHSA-2026:3461 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Stanislav Fort (Aisle Research)
CNA: Igor Ustinov
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-01-16T14:21:50.710Z | Reported to Red Hat. |
| ADP | 2026-01-27T14:00:00.000Z | Made public. |
Solutions
ADP: RHSA-2026:3415: Red Hat OpenShift Container Platform 4.13
ADP: RHSA-2026:2974: Red Hat OpenShift Container Platform 4.14
ADP: RHSA-2026:4419: Red Hat OpenShift Container Platform 4.15
ADP: RHSA-2026:2659: Red Hat OpenShift Container Platform 4.16
ADP: RHSA-2026:2671: Red Hat OpenShift Container Platform 4.17
ADP: RHSA-2026:2072: Red Hat OpenShift Container Platform 4.18
ADP: RHSA-2026:2633: Red Hat OpenShift Container Platform 4.19
ADP: RHSA-2026:2077: Red Hat OpenShift Container Platform 4.20
ADP: RHSA-2026:6481: Red Hat Service Interconnect 1
ADP: RHSA-2026:1496: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0)
ADP: RHSA-2026:1472: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10)
ADP: RHSA-2026:1733: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)
ADP: RHSA-2026:1594: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)
ADP: RHSA-2026:1519: Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4)
ADP: RHSA-2026:1503: Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6)
ADP: RHSA-2026:1473: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9)
ADP: RHSA-2026:3228: Cost Management 4
ADP: RHSA-2026:3461: Red Hat AI Inference Server 3.2
ADP: RHSA-2026:3462: Red Hat AI Inference Server 3.2
ADP: RHSA-2026:1736: Red Hat Discovery 2
ADP: RHSA-2026:7261: Red Hat Hardened Images
ADP: RHSA-2026:2485: Red Hat Insights proxy 1.5
ADP: RHSA-2026:2995: Red Hat JBoss Core Services 2.4.62.SP3
ADP: RHSA-2026:2844: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26
ADP: RHSA-2026:4943: Red Hat Update Infrastructure 5
ADP: RHSA-2026:2563: Red Hat Update Infrastructure 5
Workarounds
ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.