PT-2026-44162

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

Siemens SIMATIC S7-1500 Incorrect Type Conversion or Cast (CVE-2020-10735)

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are not...

GHSA-5M22-CFQ9-86X6 Pickle serialization vulnerable to Deserialization of Untrusted Data

What We are using pickle as default serialization module but that has known security issues see e.g. https://medium.com/ochrona/python-pickle-is-notoriously-insecure-d6651f1974c9. In summary, it is not advisable to open Pickles that you create yourself locally. In vantage6, algorithms use pickles...