ECU Flash Programming Tool 2.8 - OpenSSL 1.1.1g
Problem Description
When installing the ECU Flash Programming Tool 2.8, the OpenSSL component version 1.1.1g is installed. The component is obsolete and can be removed from the system.
Connected CVE's
The following vulnerabilities are associated with the components.
A detailed description of the CVE's can be found here.
Database |
CVE |
Score |
Classification |
|
NVD |
CVE-2022-2068 |
9.8 |
Critical |
|
NVD |
CVE-2021-3711 |
9.8 |
Critical |
|
NVD |
CVE-2022-1292 |
9.8 |
Critical |
|
NVD |
CVE-2023-4807 |
7.8 |
High |
|
NVD |
CVE-2023-0215 |
7.5 |
High |
|
NVD |
CVE-2023-0464 |
7.5 |
High |
|
NVD |
CVE-2022-0778 |
7.5 |
High |
|
NVD |
CVE-2021-23840 |
7.5 |
High |
|
NVD |
CVE-2022-4450 |
7.5 |
High |
|
NVD |
CVE-2023-0286 |
7.4 |
High |
|
NVD |
CVE-2021-3712 |
7.4 |
High |
|
NVD |
CVE-2023-2650 |
6.5 |
Medium |
|
NVD |
CVE-2022-4304 |
5.9 |
Medium |
|
NVD |
CVE-2021-3449 |
5.9 |
Medium |
|
NVD |
CVE-2021-4160 |
5.9 |
Medium |
|
NVD |
CVE-2021-23841 |
5.9 |
Medium |
|
NVD |
CVE-2020-1971 |
5.9 |
Medium |
|
NVD |
CVE-2023-3817 |
5.3 |
Medium |
|
NVD |
CVE-2022-2097 |
5.3 |
Medium |
|
NVD |
CVE-2023-0465 |
5.3 |
Medium |
|
NVD |
CVE-2023-0466 |
5.3 |
Medium |
|
NVD |
CVE-2023-5678 |
5.3 |
Medium |
Affected Products / Affected Versions
ECU Flash Programming Tool 2.8 Release 2022-A, 2022-B, 2023-A, 2023-B (already removed from 2024-A)
Solution
The provided script removes the vulnerable component OpenSSL 1.1.1g from the ECU Flash Programming Tool.
The script must be executed after the installation of the basic software and after the installation of service packs and patches. If a recovery/repair is carried out, the components are automatically restored and the script must be executed again.
Limitations
None
-
- View online
- Download
| Date | 2024-01-09 |
| Product | dSPACE ECU Flash Programming Tool |
| Information Type | Notifications |
| Information Category | Product Security, Troubleshooting |
| dSPACE Release | 2023-B, 2023-A, 2022-B, 2022-A |
Drive innovation forward. Always on the pulse of technology development.
Subscribe to our expert knowledge. Learn from our successful project examples. Keep up to date on simulation and validation. Subscribe to/manage dSPACE direct and aerospace & defense now.