Cyber security digital concept with shield — Cyber security abstract concept. 3D contour of shield icon on digital background. Computer safety symbol 3D illustration.

Cyber security abstract concept. 3D contour of shield icon on digital background. Computer safety symbol 3D illustration.

OMICRON 产品安全漏洞处理和披露

OMICRON 会非常严谨地解决影响我们产品的任何类型的漏洞问题，欢迎并感谢大家能够帮助我们一起改进产品安全问题。因此，我们确定了接收、处理和披露这些漏洞的系统化方法。

协调性披露

我们已意识到必须提高网络安全，特别是在关键基础设施方面。因此，我们将在以下安全咨询部分向客户介绍关于影响我们产品的验证及相关漏洞。但是，为避免对客户造成不必要的风险，建议所有用户进行漏洞检测，从而确保在我们评估相应修复方案之前信息不会公开。

OMICRON Product Security Team

OMICRON 设有专门负责管理安全问题和采取后续披露行动的 Product Security Team（产品安全团队）。他们乐意帮助您解决任何与 OMICRON 产品漏洞相关的问题。如果可能，请使用加密电子邮件通讯。

product-security@omicronenergy.com

PGP 公钥4.90 kB
指纹: 90F2 6F91 6186 22EA AFF1 06A0 F014 F4B8 C72E C818

漏洞处理和披露流程

为确保可靠和高效地处理和披露相关安全问题，我们确定了全面和系统化的流程。您可在下面找到与每个流程阶段相关的更多详细信息。

1. 报告

诚邀所有用户告知我们影响 OMICRON 产品的安全问题。
我们尊重您的隐私，不会在未经您同意的情况下发布任何与您相关的信息。

您可以匿名提交已确定的安全问题，但如果需要，我们希望您在我们的安全咨询中查找漏洞问题。

要报告漏洞问题，请联系上述专属 Product Security Team。报告安全问题时，请尽可能提供更多详细信息，并在报告中包含以下信息：

受影响的 OMICRON 产品（包括详细版本）
漏洞问题的详细说明
如果可能，请附上可用的漏洞利用代码或分步方法以查找漏洞
是否有任何漏洞公开计划？

2. 分析

收到您的报告后，我们会对安全问题进行全面分析。我们的目标是再现问题并确定其根源。

3. 评估

完成安全问题分析后，我们将继续评估问题发生的几率以及对客户的潜在影响。

4. 处理

根据评估结果，我们将会推导出后续处理措施。可能包括向受影响客户提供修补程序以及结构化漏洞披露计划。

5. 披露

我们有责任且有必要向受影响的客户，告知与其有关的 OMICRON 产品的相关漏洞问题以避免扩大损失。因此，我们会严肃对待每个安全问题并通知受影响的客户。
我们将会发布以下披露信息：

漏洞说明
受影响的 OMICRON 产品（包括详细版本）
CVSS 分数
CVE 条目（如适用）
修复漏洞所需的步骤
信用（根据客户需要）

安全公告

您可以在下方找到所有已建立并发布的安全公告。

ID	标题	Affected Products	CVE ID	CVSS Score	Last update	下载
OSA-16	3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions	CMC 256plus 2.63, CMC 353 2.63, CMC 356 2.63, CMC 430 2.63, CMC 500 2.63, CMC 850 2.63, ARCO 400 2.63	CVE-2025-24928 CVE-2024-56171 CVE-2024-47718 CVE-2025-21766 CVE-2025-21759 CVE-2025-21760 CVE-2025-32415 CVE-2025-27113 CVE-2024-8176 CVE-2024-50602 CVE-2024-50083 CVE-2025-21765 CVE-2025-21762 CVE-2025-21720 CVE-2025-21828 CVE-2024-50076 CVE-2024-5535 CVE-2023-40403 CVE-2024-13176 CVE-2025-21710 CVE-2025-26466 CVE-2025-21776 CVE-2025-21910 CVE-2025-22055 CVE-2025-32728	8.1 8.1 7.8 7.5 7.5 7.5 7.5 7.5 7.5 7.5 7.5 6.6 6.6 6.6 6.5 6.5 6.5 6.5 5.9 5.9 5.9 5.5 5.4 5.4 3.8	2025-10-01	PDF TXT CSAF
OSA-15	3rd Party Vulnerabilities affecting StationGuard	StationGuard 3.00	CVE-2025-23085 CVE-2025-23166 CVE-2025-23165	7.5 7.5 7.5	2025-10-01	PDF TXT CSAF
OSA-14	3rd Party Vulnerabilities in GridOps before 2.00	GridOps 2.00	CVE-2023-28450 CVE-2023-50387 CVE-2023-25193 CVE-2023-52425 CVE-2023-4863 CVE-2024-25062 CVE-2023-39615	9.3 7.5 7.5 7.5 7.5 8.1 8.1	2025-10-01	PDF TXT CSAF
OSA-13	Vulnerabilities in DANEO 400 firmware image versions before 5.00.0007	DANEO 400	CVE-2016-2183 CVE-2023-48795 CVE-2005-4900 CVE-2004-2761	9.4 6.8 5.9 5.0	2025-04-09	PDF TXT CSAF
OSA-12	3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions	CMC 256plus, CMC 353, CMC 430, CMC 356, CMC 850, ARCO 400	CVE-2024-26659 CVE-2024-26716 CVE-2024-26731 CVE-2024-26964 CVE-2024-35857 CVE-2024-36941 CVE-2024-36904 CVE-2024-36896 CVE-2024-26933 CVE-2024-6387 CVE-2022-41409 CVE-2024-28757 CVE-2024-50602 CVE-2023-52425 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-25062	7.4 7.4 8.1 6.2 7.0 8.1 8.1 6.2 5.5 8.1 7.5 7.5 7.5 7.5 8.1 8.1 8.1 8.1	2025-01-29	PDF TXT CSAF
OSA-11	3rd Party Vulnerabilities affecting StationGuard and StationScout	StationScout 3.00, StationGuard 3.00	CVE-2024-26921 CVE-2024-36904 CVE-2024-36905 CVE-2024-35890 CVE-2024-36929 CVE-2024-37890 CVE-2024-37168	8.1 8.1 5.9 7.5 7.5 7.5 5.3	2025-10-01	PDF TXT CSAF
OSA-10	3rd Party Vulnerabilities affecting StationGuard and StationScout	StationScout 2.40, StationGuard before 2.40	CVE-2023-6237 CVE-2023-6915 CVE-2023-39956 CVE-2023-44487 CVE-2023-52522 CVE-2024-22019 CVE-2024-26614	5.3 5.5 6.6 7.5 8.1 7.5 5.9	2024-05-27	PDF TXT CSAF
OSA-9	3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions	CMC 256plus, CMC 353, CMC 430, CMS 356, CMC 850, ARCO 400 with Images before v2.63	CVE-1999-0517 CVE-2019-20372 CVE-2020-11022 CVE-2020-11023	7.5 5.3 6.1 6.1	2024-03-29	PDF TXT CSAF
OSA-8	Linux Kernel Vulnerability in IGB Driver affecting StationGuard and StationScout	StationGuard Image 2.10.0073, 2.20.0080, 2.21.0081, StationScout StationScout Image 2.10.0059, 2.20.0063, 2.21.0064	CVE-2023-45871	9.8	2023-11-22	PDF TXT CSAF
OSA-7	3rd Party Vulnerabilities affecting StationGuard and StationScout	StationGuard < 2.30, StationScout < 2.30	CVE-2023-23919 CVE-2023-30589	7.5 8.2	2023-11-22	PDF TXT CSAF
OSA-6	Incorrect Authorization Vulnerability in StationScout and StationGuard	StationGuard StationGuard Image 1.10.0056 - 2.20.0080, StationScout StationScout Image 1.30.0040 - 2.20.0063	CVE-2023-28611	10	2023-11-22	PDF TXT CSAF
OSA-5	Vulnerability in Update Process of StationScout and StationGuard < 2.21	StationGuard StationGuard Image all before 2.20.0080, StationScout StationScout Image all before 2.20.0063	CVE-2023-28610	10	2023-11-22	PDF TXT CSAF
OSA-4	3rd Party Vulnerabilities affecting StationGuard and StationScout < 2.20	StationGuard < 2.20, StationScout < 2.20	CVE-2018-25032 CVE-2022-0778 CVE-2022-32223 CVE-2022-20368	7.5 7.5 7.3 7.8	2023-11-22	PDF TXT CSAF
OSA-3	3rd Party Vulnerabilities affecting StationGuard image < 2.00	StationGuard StationGuard Image all before 1.10.0056	CVE-2021-37701 CVE-2021-37712	5 5	2023-11-22	PDF TXT CSAF
OSA-2	Multiple 3rd Party Denial-of-Service Vulnerabilities in StationGuard and StationScout < 2.0	StationGuard StationGuard Image all before 1.10.0056, StationScout StationScout Image all before 1.30.0040	CVE-2020-8265 CVE-2021-23840 CVE-2021-3449 CVE-2021-22930	8.1 7.5 5.9 7.5	2022-11-22	PDF TXT CSAF
OSA-1	Denial-of-Service Vulnerability in StationGuard 1.0	StationGuard StationGuard Image 1.00.0048	CVE-2021-30464	7.5	2022-11-22	PDF TXT CSAF

隨時了解情況

您可以在下方找到我们特定于产品的 RSS 提要，以随时了解最新或更新的安全建议。只需选择所需的产品即可接收相应的 RSS 链接，该链接可集成到您选择的 RSS 阅读器中。

Select product

1. 报告

2. 分析

3. 评估

4. 处理

5. 披露

OSA-16

3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions

CMC 256plus 2.63, CMC 353 2.63, CMC 356 2.63, CMC 430 2.63, CMC 500 2.63, CMC 850 2.63, ARCO 400 2.63

8.1 8.1 7.8 7.5 7.5 7.5 7.5 7.5 7.5 7.5 7.5 6.6 6.6 6.6 6.5 6.5 6.5 6.5 5.9 5.9 5.9 5.5 5.4 5.4 3.8

2025-10-01

OSA-15

3rd Party Vulnerabilities affecting StationGuard

CVE-2025-23085 CVE-2025-23166 CVE-2025-23165

7.5 7.5 7.5

2025-10-01

OSA-14

3rd Party Vulnerabilities in GridOps before 2.00

CVE-2023-28450 CVE-2023-50387 CVE-2023-25193 CVE-2023-52425 CVE-2023-4863 CVE-2024-25062 CVE-2023-39615

9.3 7.5 7.5 7.5 7.5 8.1 8.1

2025-10-01

OSA-13

Vulnerabilities in DANEO 400 firmware image versions before 5.00.0007

CVE-2016-2183 CVE-2023-48795 CVE-2005-4900 CVE-2004-2761

9.4 6.8 5.9 5.0

2025-04-09

OSA-12

3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions

CMC 256plus, CMC 353, CMC 430, CMC 356, CMC 850, ARCO 400

CVE-2024-26659 CVE-2024-26716 CVE-2024-26731 CVE-2024-26964 CVE-2024-35857 CVE-2024-36941 CVE-2024-36904 CVE-2024-36896 CVE-2024-26933 CVE-2024-6387 CVE-2022-41409 CVE-2024-28757 CVE-2024-50602 CVE-2023-52425 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-25062

7.4 7.4 8.1 6.2 7.0 8.1 8.1 6.2 5.5 8.1 7.5 7.5 7.5 7.5 8.1 8.1 8.1 8.1

2025-01-29

OSA-11

3rd Party Vulnerabilities affecting StationGuard and StationScout

StationScout 3.00, StationGuard 3.00

CVE-2024-26921 CVE-2024-36904 CVE-2024-36905 CVE-2024-35890 CVE-2024-36929 CVE-2024-37890 CVE-2024-37168

8.1 8.1 5.9 7.5 7.5 7.5 5.3

2025-10-01

OSA-10

3rd Party Vulnerabilities affecting StationGuard and StationScout

StationScout 2.40, StationGuard before 2.40

CVE-2023-6237 CVE-2023-6915 CVE-2023-39956 CVE-2023-44487 CVE-2023-52522 CVE-2024-22019 CVE-2024-26614

5.3 5.5 6.6 7.5 8.1 7.5 5.9

2024-05-27

OSA-9

3rd Party Vulnerabilities in CM-Line, CMS 356 and ARCO 400 embedded image versions

CMC 256plus, CMC 353, CMC 430, CMS 356, CMC 850, ARCO 400 with Images before v2.63

CVE-1999-0517 CVE-2019-20372 CVE-2020-11022 CVE-2020-11023

7.5 5.3 6.1 6.1

2024-03-29

OSA-8

Linux Kernel Vulnerability in IGB Driver affecting StationGuard and StationScout

StationGuard Image 2.10.0073, 2.20.0080, 2.21.0081, StationScout StationScout Image 2.10.0059, 2.20.0063, 2.21.0064

CVE-2023-45871

9.8

2023-11-22

OSA-7

3rd Party Vulnerabilities affecting StationGuard and StationScout

StationGuard < 2.30, StationScout < 2.30

CVE-2023-23919 CVE-2023-30589

7.5 8.2

2023-11-22

OSA-6

Incorrect Authorization Vulnerability in StationScout and StationGuard

StationGuard StationGuard Image 1.10.0056 - 2.20.0080, StationScout StationScout Image 1.30.0040 - 2.20.0063

CVE-2023-28611

10

2023-11-22

OSA-5

Vulnerability in Update Process of StationScout and StationGuard < 2.21

StationGuard StationGuard Image all before 2.20.0080, StationScout StationScout Image all before 2.20.0063

CVE-2023-28610

10

2023-11-22

OSA-4

3rd Party Vulnerabilities affecting StationGuard and StationScout < 2.20

StationGuard < 2.20, StationScout < 2.20

CVE-2018-25032 CVE-2022-0778 CVE-2022-32223 CVE-2022-20368

7.5 7.5 7.3 7.8

2023-11-22

OSA-3

8.1
8.1
7.8
7.5
7.5
7.5
7.5
7.5
7.5
7.5
7.5
6.6
6.6
6.6
6.5
6.5
6.5
6.5
5.9
5.9
5.9
5.5
5.4
5.4
3.8

CVE-2025-23085
CVE-2025-23166
CVE-2025-23165

7.5
7.5
7.5

CVE-2023-28450
CVE-2023-50387
CVE-2023-25193
CVE-2023-52425
CVE-2023-4863
CVE-2024-25062
CVE-2023-39615

9.3
7.5
7.5
7.5
7.5
8.1
8.1

CVE-2016-2183
CVE-2023-48795
CVE-2005-4900
CVE-2004-2761

9.4
6.8
5.9
5.0

CVE-2024-26659
CVE-2024-26716
CVE-2024-26731
CVE-2024-26964
CVE-2024-35857
CVE-2024-36941
CVE-2024-36904
CVE-2024-36896
CVE-2024-26933
CVE-2024-6387
CVE-2022-41409
CVE-2024-28757
CVE-2024-50602
CVE-2023-52425
CVE-2024-45490
CVE-2024-45491
CVE-2024-45492
CVE-2024-25062

7.4
7.4
8.1
6.2
7.0
8.1
8.1
6.2
5.5
8.1
7.5
7.5
7.5
7.5
8.1
8.1
8.1
8.1

CVE-2024-26921
CVE-2024-36904
CVE-2024-36905
CVE-2024-35890
CVE-2024-36929
CVE-2024-37890
CVE-2024-37168

8.1
8.1
5.9
7.5
7.5
7.5
5.3

CVE-2023-6237
CVE-2023-6915
CVE-2023-39956
CVE-2023-44487
CVE-2023-52522
CVE-2024-22019
CVE-2024-26614

5.3
5.5
6.6
7.5
8.1
7.5
5.9

CVE-1999-0517
CVE-2019-20372
CVE-2020-11022
CVE-2020-11023

7.5
5.3
6.1
6.1

CVE-2023-23919
CVE-2023-30589

7.5
8.2

CVE-2018-25032
CVE-2022-0778
CVE-2022-32223
CVE-2022-20368

7.5
7.5
7.3
7.8

CVE-2021-37701
CVE-2021-37712

5
5

CVE-2020-8265
CVE-2021-23840
CVE-2021-3449
CVE-2021-22930

8.1
7.5
5.9
7.5