Advisory ID: SYSS-2023-011
Product: PIXMA TR4550
Manufacturer: Canon
Affected Version(s): 1.020 / 1.080
also affects many other Canon inkjet printer
models[4]
Tested Version(s): 1.020
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference: CVE-2023-38334
Author of Advisory: Matthias Deeg (SySS GmbH
Solution Status: Open
Manufacturer Notification: 2023-03-30
Solution Date: -
Public Disclosure: 2023-07-20
CVE Reference: CVE-2023-38335
Author of Advisory: Matthias Deeg (SySS GmbH
Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date: -
Public Disclosure: 2022-10-07
CVE Reference: CVE-2022-28386
Author of Advisory: Matthias Deeg (SySS GmbH
Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2022-06-29
Solution Date: -
Public Disclosure: 2022-10-07
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg
-28382
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry
-28384
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry
Solution Status: Open
Manufacturer Notification: 2022-04-12
Solution Date: -
Public Disclosure: 2022-06-10
CVE Reference: CVE-2022-29948
Author of Advisory: Matthias Deeg (SySS GmbH
)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28385
Author of Advisory: Matthias Deeg (SySS GmbH
)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg (SySS GmbH
Implementation (CWE-1240)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28382
Author of Advisory: Matthias Deeg (SySS
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28387
Author of Advisory: Matthias Deeg (SySS
of Data
Authenticity (CWE-345)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28385
Author of Advisory: Matthias Deeg (SySS GmbH
of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg (SySS GmbH
:Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously
of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously
-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-01-31
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28386
Author of Advisory: Matthias Deeg (SySS GmbH
in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-01-31
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg (SySS GmbH
:Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.
The manufacturer describes
:Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.
The manufacturer describes
)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-01-27
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28386
Author of Advisory: Matthias Deeg (SySS GmbH
in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-01-27
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg (SySS GmbH
:Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.
The manufacturer describes the product as follows:
"The AES 25
:Matthias Deeg (SySS GmbH)
Overview:
The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.
The manufacturer describes the product as follows:
"The AES 25
)
"Time Traveler Attack"
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2021-02-04
Solution Date: -
Public Disclosure: 2021-06-16
CVE Reference: CVE-2021-32033
Author of Advisory: Matthias Deeg
Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-12-02
Solution Date: -
Public Disclosure: 2021-03-18
CVE Reference: CVE-2021-28133
Authors of Advisory: Michael Strametz, Matthias Deeg
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-07-30
CVE Reference: CVE-2020-14158
Authors of Advisory: Michael Rüttgers, Thomas Detert,
Matthias Deeg (SySS GmbH)
Overview:
The ABUS
Solution Date: -
Public Disclosure: 2020-06-17
CVE Reference: CVE-2020-14157
Authors of Advisory: Michael Rüttgers, Thomas Detert,
Matthias Deeg (SySS GmbH)
Overview:
ABUS Secvest Wireless Control Device
Notification: 2019-05-22
Solution Date: -
Public Disclosure: 2019-11-28
CVE Reference: CVE-2019-12503
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Inateck BCST-60 is a barcode scanner that can be either used
)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Microsoft
)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Microsoft
)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Microsoft
Solution Date: -
Public Disclosure: 2019-07-26
CVE Reference: CVE-2019-14261
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA5) is a wireless alarm system with different
features
Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date:
Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution
)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-12
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12506
Author of Advisory: Matthias Deeg (SySS GmbH
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12504
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Inateck WP2002 is a ring-shaped
: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12505
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
Inateck WP1001
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference: CVE-2019-10921
Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference: CVE-2019-10920
Authors of Advisory: Manuel Stotz, Matthias Deeg (SySS GmbH
Disclosure: 2019-05-02
CVE Reference: CVE-2019-9861
Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)
Overview:
ABUS Secvest (FUAA5) is a wireless alarm system with different
features.
Some of the supported
Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9860
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest FUBE50014 and FUBE50015 are wireless remote
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9862
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9863
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA5) is a wireless alarm system with different
features
Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2017-10-20
Solution Date: -
Public Disclosure: 2018-01-29
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)
Overview
so
[9] SySS Security Advisory SYSS-2017-027
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-027.txt
[10] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
)
Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2015-07-09
Solution Date: 2016-10-18
Public Disclosure: 2017-04-10
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH
)
SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2015-07-09
Solution Date: 2016-10-18
Public Disclosure: 2017-04-10
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH
Manufacturer Notification: 2016-11-28
Solution Date: -
Public Disclosure: 2017-02-20
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
ABUS Secvest (FUAA5) is a wireless alarm system
Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution
: Medium
Solution Status: Open
Manufacturer Notification: 2016-09-26
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The EASY HOME MAS-S01-09
Status: Fixed
Manufacturer Notification: 2016-07-21
Solution Date: 2016-11-14
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The Olympia Protect 9061
Manufacturer Notification: 2016-07-14
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)
Overview:
The Blaupunkt Smart GSM Alarm SA 2500 Kit is a wireless
Advisory ID: SYSS-2016-066
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution
Advisory ID: SYSS-2016-064
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Improper Restriction of Excessive Authentication
)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-08-16
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH
)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-08-12
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH
: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)
Overview:
Microsoft Wireless
Status: Open
Manufacturer Notification: 2016-07-07
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)
Overview:
Fujitsu
Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH
(Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-04-22
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Gerhard Klostermeier and Matthias Deeg (SySS GmbH
project about modern wireless desktop
sets using AES encryption, Expert IT Security consultant Matthias Deeg
and IT Security Consultant Gerhard Klostermeier noticed that the radio
communication of all tested wireless mice so far was unencrypted and
unauthenticated.
The insight that radio
)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: -
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH
)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: -
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH
build 3380124 (Update 1)
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-07-01
Solution Date: 2016-08-04
Public Disclosure: 2016-08-05
CVE Reference: CVE-2016-5331
Authors of Advisory: Matthias Deeg (SySS GmbH
65 matches