[FD] [SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301)

2023-08-03 Thread Matthias Deeg via Fulldisclosure
Advisory ID: SYSS-2023-011 Product: PIXMA TR4550 Manufacturer: Canon Affected Version(s): 1.020 / 1.080 also affects many other Canon inkjet printer models[4] Tested Version(s): 1.020

[FD] [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)

2023-07-21 Thread Matthias Deeg via Fulldisclosure
Solution Status: Open Manufacturer Notification: 2023-03-30 Solution Date: - Public Disclosure: 2023-07-20 CVE Reference: CVE-2023-38334 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

2023-07-21 Thread Matthias Deeg via Fulldisclosure
Solution Status: Open Manufacturer Notification: 2023-03-30 Solution Date: - Public Disclosure: 2023-07-20 CVE Reference: CVE-2023-38335 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-10-08 Thread Matthias Deeg
Behavior Violation (CWE-440) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-06-29 Solution Date: - Public Disclosure: 2022-10-07 CVE Reference: CVE-2022-28386 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-045]: Verbatim Store 'n' Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-10-08 Thread Matthias Deeg
Immutable Root of Trust in Hardware (CWE-1326) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2022-06-29 Solution Date: - Public Disclosure: 2022-10-07 CVE Reference: CVE-2022-28383 Author of Advisory: Matthias Deeg

[FD] [SYSS-2022-044]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-10-08 Thread Matthias Deeg
-28382 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry

[FD] [SYSS-2022-043]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-10-08 Thread Matthias Deeg
-28384 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry

[FD] [SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

2022-06-11 Thread Matthias Deeg
Solution Status: Open Manufacturer Notification: 2022-04-12 Solution Date: - Public Disclosure: 2022-06-10 CVE Reference: CVE-2022-29948 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

2022-06-11 Thread Matthias Deeg
) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28385 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28383 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg
Implementation (CWE-1240) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28382 Author of Advisory: Matthias Deeg (SySS

[FD] [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

2022-06-11 Thread Matthias Deeg
Implementation (CWE-1240) Risk Level: High Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28387 Author of Advisory: Matthias Deeg (SySS

[FD] [SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

2022-06-11 Thread Matthias Deeg
of Data Authenticity (CWE-345) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28385 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg
of Trust in Hardware (CWE-1326) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2022-02-03 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28383 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg
:Matthias Deeg (SySS GmbH) Overview: The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES 256-bit hardware encryption and a built-in fingerprint sensor for unlocking the device with previously

[FD] [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

2022-06-11 Thread Matthias Deeg
of Advisory: Matthias Deeg (SySS GmbH) Overview: The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES 256-bit hardware encryption and a built-in fingerprint sensor for unlocking the device with previously

[FD] [SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-06-11 Thread Matthias Deeg
-440) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-01-31 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28386 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg
in Hardware (CWE-1326) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2022-01-31 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28383 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg
:Matthias Deeg (SySS GmbH) Overview: The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry. The manufacturer describes

[FD] [SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-06-11 Thread Matthias Deeg
:Matthias Deeg (SySS GmbH) Overview: The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry. The manufacturer describes

[FD] [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-06-11 Thread Matthias Deeg
) Risk Level: Low Solution Status: Open Manufacturer Notification: 2022-01-27 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28386 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg
in Hardware (CWE-1326) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2022-01-27 Solution Date: - Public Disclosure: 2022-06-08 CVE Reference: CVE-2022-28383 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg
:Matthias Deeg (SySS GmbH) Overview: The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry. The manufacturer describes the product as follows: "The AES 25

[FD] [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-06-11 Thread Matthias Deeg
:Matthias Deeg (SySS GmbH) Overview: The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware encryption and a built-in keypad for passcode entry. The manufacturer describes the product as follows: "The AES 25

[FD] [SYSS-2021-007]: Protectimus SLIM NFC - External Control of System or Configuration Setting (CWE-15) (CVE-2021-32033)

2021-06-18 Thread Matthias Deeg
) "Time Traveler Attack" Risk Level: Medium Solution Status: Open Manufacturer Notification: 2021-02-04 Solution Date: - Public Disclosure: 2021-06-16 CVE Reference: CVE-2021-32033 Author of Advisory: Matthias Deeg

[FD] [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)

2021-03-19 Thread Matthias Deeg
Sphere (CWE-668) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2020-12-02 Solution Date: - Public Disclosure: 2021-03-18 CVE Reference: CVE-2021-28133 Authors of Advisory: Michael Strametz, Matthias Deeg

[FD] [SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158)

2020-07-30 Thread Matthias Deeg
Manufacturer Notification: 2020-04-03 Solution Date: - Public Disclosure: 2020-07-30 CVE Reference: CVE-2020-14158 Authors of Advisory: Michael Rüttgers, Thomas Detert, Matthias Deeg (SySS GmbH) Overview: The ABUS

[FD] [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)

2020-06-23 Thread Matthias Deeg
Solution Date: - Public Disclosure: 2020-06-17 CVE Reference: CVE-2020-14157 Authors of Advisory: Michael Rüttgers, Thomas Detert, Matthias Deeg (SySS GmbH) Overview: ABUS Secvest Wireless Control Device

[FD] [SYSS-2019-027]: Inateck BCST-60 Barcode Scanner - Keystroke Injection Vulnerability (CVE-2019-12503)

2019-11-29 Thread Matthias Deeg
Notification: 2019-05-22 Solution Date: - Public Disclosure: 2019-11-28 CVE Reference: CVE-2019-12503 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Inateck BCST-60 is a barcode scanner that can be either used

[FD] [SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[FD] [SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[FD] [SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-07-31 Solution Date: - Public Disclosure: 2019-10-10 CVE Reference: Not assigned yet Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Microsoft

[FD] [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261)

2019-07-26 Thread Matthias Deeg
Solution Date: - Public Disclosure: 2019-07-26 CVE Reference: CVE-2019-14261 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest (FUAA5) is a wireless alarm system with different features

[FD] UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352]

2019-07-09 Thread Matthias Deeg
Advisory ID: SYSS-2019-021 Product: Cynap Manufacturer: WolfVision Affected Version(s): 1.18g, 1.28j Tested Version(s): 1.18g, 1.28j Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2019-05-03 Solution Date:

[FD] [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)

2019-07-05 Thread Matthias Deeg
Advisory ID: SYSS-2019-021 Product: Cynap Manufacturer: WolfVision Affected Version(s): 1.18g, 1.28j Tested Version(s): 1.18g, 1.28j Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2019-05-03 Solution

[FD] [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-12 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12506 Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12504 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Inateck WP2002 is a ring-shaped

[FD] [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
: High Solution Status: Open Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12505 Author of Advisory: Matthias Deeg (SySS GmbH) Overview: Inateck WP1001

[FD] [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)

2019-05-29 Thread Matthias Deeg
Manufacturer Notification: 2019-04-04 Solution Date: 2019-05-14 (recommended mitigation by manufacturer) Public Disclosure: 2019-05-29 CVE Reference: CVE-2019-10921 Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH

[FD] [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)

2019-05-29 Thread Matthias Deeg
Manufacturer Notification: 2019-04-04 Solution Date: 2019-05-14 (recommended mitigation by manufacturer) Public Disclosure: 2019-05-29 CVE Reference: CVE-2019-10920 Authors of Advisory: Manuel Stotz, Matthias Deeg (SySS GmbH

[FD] [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)

2019-05-04 Thread Matthias Deeg
Disclosure: 2019-05-02 CVE Reference: CVE-2019-9861 Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH) Overview: ABUS Secvest (FUAA5) is a wireless alarm system with different features. Some of the supported

[FD] [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400)

2019-03-26 Thread Matthias Deeg
Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9860 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest FUBE50014 and FUBE50015 are wireless remote

[FD] [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311)

2019-03-26 Thread Matthias Deeg
Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9862 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls

[FD] [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341)

2019-03-26 Thread Matthias Deeg
Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9863 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert Overview: ABUS Secvest (FUAA5) is a wireless alarm system with different features

[FD] [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2018-01-30 Thread Matthias Deeg
Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2017-10-20 Solution Date: - Public Disclosure: 2018-01-29 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg (SySS GmbH) Overview

[FD] [SYSS-2017-027] Microsoft Windows Hello Face Authentication - Authentication Bypass by Spoofing (CWE-290)

2017-12-19 Thread Matthias Deeg
so [9] SySS Security Advisory SYSS-2017-027 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-027.txt [10] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/

[FD] [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657)

2017-04-11 Thread Matthias Deeg
) Violation of Secure Design Principles (CWE-657) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-07-09 Solution Date: 2016-10-18 Public Disclosure: 2017-04-10 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89)

2017-04-11 Thread Matthias Deeg
) SQL Injection (CWE-89) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2015-07-09 Solution Date: 2016-10-18 Public Disclosure: 2017-04-10 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks

2017-02-21 Thread Matthias Deeg
Manufacturer Notification: 2016-11-28 Solution Date: - Public Disclosure: 2017-02-20 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: ABUS Secvest (FUAA5) is a wireless alarm system

[FD] [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)

2016-11-25 Thread Matthias Deeg
Advisory ID: SYSS-2016-107 Product: EASY HOME Alarmanlagen-Set Manufacturer: monolith GmbH Affected Version(s): Model No. MAS-S01-09 Tested Version(s): Model No. MAS-S01-09 Vulnerability Type: Cryptographic Issues (CWE-310) Risk Level: Low Solution

[FD] [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
: Medium Solution Status: Open Manufacturer Notification: 2016-09-26 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The EASY HOME MAS-S01-09

[FD] [SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
Status: Fixed Manufacturer Notification: 2016-07-21 Solution Date: 2016-11-14 Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Olympia Protect 9061

[FD] [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
Manufacturer Notification: 2016-07-14 Solution Date: - Public Disclosure: 2016-11-23 CVE Reference: Not yet assigned Author of Advisory: Matthias Deeg (SySS GmbH) Overview: The Blaupunkt Smart GSM Alarm SA 2500 Kit is a wireless

[FD] [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
Advisory ID: SYSS-2016-066 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Missing Protection against Replay Attacks Risk Level: Medium Solution

[FD] [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)

2016-11-25 Thread Matthias Deeg
Advisory ID: SYSS-2016-064 Product: M2B GSM Wireless Alarm System Manufacturer: Multi Kon Trade Affected Version(s): Unspecified Tested Version(s): Unspecified Vulnerability Type: Improper Restriction of Excessive Authentication

[FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack

2016-10-12 Thread Matthias Deeg
) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-08-16 Solution Date: - Public Disclosure: 2016-10-12 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability

2016-10-12 Thread Matthias Deeg
) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2016-08-12 Solution Date: - Public Disclosure: 2016-10-12 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg (SySS GmbH

[FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2016-10-11 Thread Matthias Deeg
: Open Manufacturer Notification: 2016-05-19 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH) Overview: Microsoft Wireless

[FD] [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks

2016-10-11 Thread Matthias Deeg
Status: Open Manufacturer Notification: 2016-07-07 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH) Overview: Fujitsu

[FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2016-10-11 Thread Matthias Deeg
Replay Attacks Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-05-19 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[FD] [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2016-10-11 Thread Matthias Deeg
(Cryptographic Key) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-04-22 Solution Date: - Public Disclosure: 2016-10-05 CVE Reference: Not yet assigned Authors of Advisory: Gerhard Klostermeier and Matthias Deeg (SySS GmbH

[FD] Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice

2016-09-30 Thread Matthias Deeg
project about modern wireless desktop sets using AES encryption, Expert IT Security consultant Matthias Deeg and IT Security Consultant Gerhard Klostermeier noticed that the radio communication of all tested wireless mice so far was unencrypted and unauthenticated. The insight that radio

[FD] [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)

2016-09-30 Thread Matthias Deeg
) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-06-28 Solution Date: - Public Disclosure: 2016-09-30 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[FD] [SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345)

2016-09-30 Thread Matthias Deeg
) Mouse Spoofing Attack Risk Level: Medium Solution Status: Open Manufacturer Notification: 2016-06-28 Solution Date: - Public Disclosure: 2016-09-30 CVE Reference: Not yet assigned Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH

[FD] [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)

2016-08-05 Thread Matthias Deeg
build 3380124 (Update 1) Vulnerability Type: Improper Input Validation (CWE-20) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2016-07-01 Solution Date: 2016-08-04 Public Disclosure: 2016-08-05 CVE Reference: CVE-2016-5331 Authors of Advisory: Matthias Deeg (SySS GmbH