You are here

CSIRT : Computer Security Incident Reponse Team

CSIRT : Computer Security Incident Reponse Team

How to contact the Panorama CSIRT

If you want to alert us or send a comment on this topic, please use this form.

Security Bulletins

Security Bulletins are documents designed to :

  • inform on best practices and news in Cybersecurity
  • alert users on vulnerabilities identified in our software and describe their solution.

When the solution requires a Panorama update, You will have to log on our technical website

26 Oct 18Pano/BS006-ENOPC UA security vulnerabilities
If the OPC-UA server function has been activated, in specific cases, then an attacking client can trigger a stack overflow in OPC UA server by sending malicious queries.
26 Oct 18Pano/BS005-ENOPC binding Basic128Rsa15 is deprecated
OPC UA Basic128Rsa15 cryptosuite relies on cryptographic algorithms that are not strong enough today to ensure privacy on encrypted communications between an OPC UA client and its server. It is therefore recommended to stop using this cryptosuite on UA bindings, and to use Basic256 and Basic256Sha256 instead.
26 Oct 18Pano/BS004-ENStrengthening machine identity control
Machine authentication was not guaranteed in the Active Directory domain, which could lead to identity theft for a server machine on an unsecured network. This possibility of spoofing would allow an attacker to compromise the confidentiality and integrity policies of the network flows from and to the functional servers.
26 Oct 18Pano/BS003-ENPanorama services configuration hardening (update)
This security update provides complements to the Panorama security recommendations in the Panorama Suite 2017 manual.
26 Oct 18Pano/BS002-ENComplements for SNMP-V3 mode TSM
This security update contains changes and fixes for SNMP-V3 in TSM mode (secured by the DTLS transport layer).
26 Oct 18Pano/BS001-ENUpdate of Panorama Suite online help and Network and Security tool
This security update provides additional guidelines on the security implementation for Panorama and a new version of the Network and Security tool in line with these new guidelines.