Eclipse Cyclone DDS Vulnerabilities have no impact on SICK picoScan150 & SICK picoScan120 products

Eclipse Cyclone DDS has known vulnerabilities and is used in SICK picoScan150 and SICK picoScan120 products starting with version 2.2.0. A current analysis confirms that the identified vulnerabilities CVE-2025-67109 and CVE-2023-24011 do not affect SICK picoScan150 and SICK picoScan120. Both...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the ddstime function due to insufficient validation in the time certificate verification. An attacker can gain elevated privileges and execute arbitrary commands by bypassing certificate checks...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

CVE-2025-67109

The CVE-2025-67109 entry concerns Eclipse Cyclone DDS prior to version 0.10.5, with a root cause described as improper verification of the time certificate. This weakness allows an attacker to bypass certificate checks and execute commands with System privileges. Multiple sources corroborate the ...

Eclipse Cyclone DDS 安全漏洞

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS versions prior to 0.10.5 that stems from improper validation of time certificates, which could lead to elevation of privileg...

CVE-2025-67109

Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges...

PT-2025-52762

Name of the Vulnerable Software and Affected Versions Eclipse Cyclone DDS versions prior to 0.10.5 Description A flaw exists in Eclipse Cyclone DDS that involves improper verification of the time certificate. This allows attackers to bypass certificate checks and potentially execute commands with...

CVE-2025-64518 CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection

The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Starting in version 2.1.0 and prior to version 11.0.1, the XML Validator used by cyclonedx-core-java was not configured securely, making the library...

EUVD-2020-10652

Malware in sbrugna...

EUVD-2020-10651

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-18735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in /src/ddsstream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. CVE-2020-18735 Note that Nessus...

CVE-2025-6030

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador...

CVE-2025-6030

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador...

CVE-2025-6030

CVE-2025-6030 concerns the Cyclone Matrix TRF Smart Keyless Entry System’s Key Fob Transmitter, where the use of fixed learning codes enables a replay attack. The issue affects Cyclone Matrix TRF-based keyless systems and was demonstrated on a 2024 Kia Soluto, with reports of attacks on other Kia...

CVE-2025-6030 Autoeastern Smart Keyless Entry System Replay Attack

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador...

Autoeastern Cyclone Matrix TRF 安全漏洞

Autoeastern Cyclone Matrix TRF is an automotive smart door lock system from Autoeastern Ecuador. A security vulnerability exists in the Autoeastern Cyclone Matrix TRF that stems from the use of fixed learning code that could lead to replay attacks...

PT-2025-25421 · Unknown · Cyclone Matrix Trf Smart Keyless Entry System

Name of the Vulnerable Software and Affected Versions: Cyclone Matrix TRF Smart Keyless Entry System versions affected versions not specified Description: The issue concerns the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. Research was completed on the 202...