ICSA-26-055-03
Vulnerability from csaf_cisa - Published: 2026-02-24 06:00 - Updated: 2026-04-02 05:00Summary
Gardyn Home Kit (Update A)
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation: Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.
Critical infrastructure sectors: Food and Agriculture
Countries/areas deployed: United States
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
8.3 (High)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
8.3 (High)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
9.1 (Critical)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
9.1 (Critical)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
8.6 (High)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
9.3 (Critical)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
9.1 (Critical)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
7.5 (High)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
5.3 (Medium)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
5.3 (Medium)
Mitigation
Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.
Mitigation
The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.
Mitigation
For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.
Mitigation
Further information on Gardyn security can be found here: https://mygardyn.com/security/
https://mygardyn.com/security/
Mitigation
Further customer support can be obtained from Gardyn at: support@mygardyn.com
mailto:support@mygardyn.com
References
Acknowledgments
Michael Groberman
{
"document": {
"acknowledgments": [
{
"names": [
"Michael Groberman"
],
"summary": "reported these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Food and Agriculture",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "United States",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-26-055-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-26-055-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Gardyn Home Kit (Update A)",
"tracking": {
"current_release_date": "2026-04-02T05:00:00.000000Z",
"generator": {
"date": "2026-03-31T21:03:23.115463Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-26-055-03",
"initial_release_date": "2026-02-24T06:00:00.000000Z",
"revision_history": [
{
"date": "2026-02-24T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2026-04-02T05:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Added vulnerabilities (CVE-2025-10681, CVE-2026-28766, CVE-2026-25197, CVE-2026-32646, CVE-2026-28767, CVE-2026-32662), modified mitigations as recommended by Gardyn, associated affected products with relevant vulnerabilities, updated product version numbers."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cmaster.619",
"product": {
"name": "Gardyn Gardyn Home Firmware: \u003cmaster.619",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Gardyn Home Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cmaster.619",
"product": {
"name": "Gardyn Gardyn Studio Firmware: \u003cmaster.619",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Gardyn Studio Firmware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.11.0",
"product": {
"name": "Gardyn Gardyn Mobile Application: \u003c2.11.0",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Gardyn Mobile Application"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.12.2026",
"product": {
"name": "Gardyn Gardyn Cloud API: \u003c2.12.2026",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Gardyn Cloud API"
}
],
"category": "vendor",
"name": "Gardyn"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-29628",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29628"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2025-29629",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"notes": [
{
"category": "summary",
"text": "The Gardyn Home Kit uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1392.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29629"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2025-29631",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The Gardyn Home Kit is vulnerable to command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29631"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2025-1242",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1242"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2025-10681",
"cwe": {
"id": "CWE-798",
"name": "Use of Hard-coded Credentials"
},
"notes": [
{
"category": "summary",
"text": "Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10681"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-28766",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28766"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-25197",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "summary",
"text": "A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/639.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25197"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-32646",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "A specific administrative endpoint is accessible without proper authentication, exposing device management functions.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32646"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-28767",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "A specific administrative endpoint notifications is accessible without proper authentication.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28767"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2026-32662",
"cwe": {
"id": "CWE-489",
"name": "Active Debug Code"
},
"notes": [
{
"category": "summary",
"text": "Development and test API endpoints are present that mirror production functionality.",
"title": "Vulnerability Summary"
},
{
"category": "details",
"text": "SSVCv2/E:N/A:Y/2026-03-31T05:00:00.000000Z",
"title": "SSVC"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/489.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32662"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Further information on Gardyn security can be found here: https://mygardyn.com/security/",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://mygardyn.com/security/"
},
{
"category": "mitigation",
"details": "Further customer support can be obtained from Gardyn at: support@mygardyn.com",
"product_ids": [
"CSAFPID-0004"
],
"url": "mailto:support@mygardyn.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…