Grid Protection Alliance Vulnerabilities Responses
GPA's Definition of a Vulnerability
GPA's Approach to Coordinated Vulnerability Disclosure
Most Recent

A vulnerability has been identified in both openPDC and openHistorian, which allows an attacker to perform command execution by leveraging unsigned custom adapters. Based on typical deployments and mitigation available via the use of standard security practices, this has been classified as low.

Recently a third party has pointed out several potentialy critical vulnerability in the openPDC docker container published on Dockerhub. GPA does not recommend use of the docker image and has not does not provide patches or support for docker deployments of openPDC and openHistorian. These imagesare for development and testing purposes only and should not be deployed in production.

A critical vulnerability has been identified in both openPDC and openHistorian, which allows an attacker to perform Permanent Cross-Site-Scripting via configuration objects.
