This security advisory provides customers with an update on how Nedap Identification products and services are affected by the OPENSSL 3.0. vulnerability
What is this vulnerability?
A critical vulnerability has been found in OpenSSL 3.0. The OpenSSL development team has announced that they will release version 3.0.7 on Tuesday, Nov. 1, 2022. This new version will fix the vulnerability. The vulnerability is not present in versions lower than 3.0. Versions 1.1.1 and 1.0.2 are therefore not affected by this problem.
How does this vulnerability affect Nedap Identification Systems?
Nedap Identification Systems does not utilize the OPENSSL 3.0 software in its hardware products (e.g., uPASS, TRANSIT, NVITE and ANPR).
OPENSSL 3.0 is also not implemented in our software services MOOV (Basic, Multi-Tenant, City Access, Leisure) and SENSIT.
What actions should I take?
- Users of our services do not need to take any action
- We recommend partners who developed integrations with our platform API's, to evaluate their own software for this vulnerability.
Where can I find more information?
Additional information on this vulnerability can be found here:
- OpenSSL website: OpenSSL
- National Vulnerability Database: OPENSSL on NCSC