Security advisories

Managing and minimizing security risks to our and customers’ business

cybersecurity.jpg

At Valmet, we consider the security of our products, systems and services a top priority. Vulnerability management is one essential part of managing and minimizing security risks to our and customers’ business.

Security advisories

Advisory

Description

Valmet DNA Remote Code Execution

CVE-2021-26726

Remote code execution vulnerability in Valmet DNA. The vulnerability has been fixed and the fix is available from Valmet Automation Customer Service.

Valmet DNA local privilege escalation through insecure DCOM configuration

CVE-2025-0416

It is possible to gain SYSTEM privileges as any local user via a permission issue in the DCOM object.

Valmet DNA Lack of protection against brute force attacks 

CVE-2025-0417

An arbitrary number of login attempts can be made via the Valmet DNA operator user interface without the user being blocked.

Valmet DNA user passwords in plain text 

CVE-2025-0418

Passwords of Valmet DNA users are stored in plain text within the Valmet DNA function blocks.

For more information please contact your local Valmet Customer Service.