Security advisories
Managing and minimizing security risks to our and customers’ business
At Valmet, we consider the security of our products, systems and services a top priority. Vulnerability management is one essential part of managing and minimizing security risks to our and customers’ business.
Security advisories
Advisory |
Description |
|
Valmet DNA Remote Code Execution CVE-2021-26726 |
Remote code execution vulnerability in Valmet DNA. The vulnerability has been fixed and the fix is available from Valmet Automation Customer Service. |
|
Valmet DNA local privilege escalation through insecure DCOM configuration |
It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object. |
|
An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked. |
|
|
Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks. |
In the public information concerning the problem reported, as a token of our gratitude and recognition, we will give your name as the discoverer of the problem (unless you desire otherwise). If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our company and our clients and our systems.
For more information please contact your local Valmet Customer Service.