Topkapi - Security bulletins

Security bulletins

Discover the full list of security bulletins concerning the Topkapi SCADA software.

Security : a major concern

AREAL makes security a priority. Our commitment to cybersecurity means that you will be kept informed of any vulnerabilities detected and solutions to remedy them (updates to be carried out or suggested workarounds). 

If you detect a vulnerability, we invite you to contact our technical support via the contact form below.

Vulnerability information

Flux RSS
Title Releases Description Last update Additional Information
CVE-2024-1104
Topkapi Webserv2 up to version 6.2.4776
Vulnerability CVE-2024-1104 was found in Topkapi Webserv2 Web Server.
Brute force login attacks can cause a temporary denial of service of the web site.
A problem was found in the brute force prevention mecanism, this can make the web site unavailable for a short period of time for all users, including already logged-in users. Possible workaround is to throttle requests with a reverse-proxy.
Affects Topkapi Webserv2 up to version 6.2.4776, last affected version. Fixed in version 6.2.4777. Please update the Webserv2 component.

n/a

CVE-2023-50356
versions up to 6.2.4718 included
Vulnerability CVE-2023-50356 was foud in the LDAPS component, exclusively in mode NOVELL or SYNOLOGY. Connections to LDAPS in mode NOVELL and SYNOLOGY are vulnerable to a Man-in-the-middle attack, because of improper certificate validation.

Active Directory mode is NOT affected. Affects Areal Topkapi Vision Server versions up to 6.2.4718 included. First unaffected fixed release 6.2.4719. This vulnerability could result in disclosure of user names and passwords. Please update if using a Novell/Synology LDAP.

n/a

CVE-2023-50357
All version of "Webserv1" <= 6.1
Component "Webserv1" is possibly affected of cross site scripting vulnerabilities through unchecked parameters in web site. This affect all version of "Webserv1" <= 6.1 ; Vulnerability was reported as CVE-2023-50357 (https://cert.vde.com/en/advisories/weakness/CVE-2023-50357/).

This vulnerability theorically offers the possibility to inject malicious data in the web site. A low privileged user, because of unsufficiently check parameters, could attack the system via other users's access rights.
This vulnerability could result in disclosure or modification of process information via privilege gain.

Product "Webserv1" is END-OF-LIFE. This component is replaced by "Webserv2" web server, which is not affected by the CVE, and is available with scada since version 6.0. Please upgrade to replacement product.

n/a

Want to report a vulnerability ?
contact us