Security advisories
Managing and minimizing security risks to our and customers’ business

At Valmet, we consider the security of our products, systems and services a top priority. Vulnerability management is one essential part of managing and minimizing security risks to our and customers’ business.
Security advisories
Advisory |
Description |
Valmet DNA Remote Code Execution CVE-2021-26726 |
Remote code execution vulnerability in Valmet DNA. The vulnerability has been fixed and the fix is available from Valmet Automation Customer Service. |
Valmet DNA local privilege escalation through insecure DCOM configuration |
It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object. |
An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked. |
|
Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks. |
For more information please contact your local Valmet Customer Service.