{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Security Researchers"
        ],
        "organization": "tenable",
        "summary": "reporting",
        "urls": [
          "https://www.tenable.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability has been identified in ibaPDA and ibaDatCoordinator. The affected applications do not properly restrict the .NET BinaryFormatter when deserializing client-server input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected applications. This is the general weakness of the .NET BinaryFormatter itself (see Microsoft code-analysis rule CA2300: https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300).",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Remote Code Execution (RCE) with the privileges of the service user account, which can be leveraged for privilege escalation on the affected host.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict connections to localhost \n- (Info: Applies only to ibaPDA. For ibaDatCoordinator, continue with the next step.) Go to I/O Manager → General and deactivate the option \"Automatically open necessary ports in Windows Firewall.\" (If this option remains active, after a restart of ibaPDA or a restart for data acquisition, the firewall will be reconfigured automatically.)  \n- Then go to Advanced Windows Firewall settings and delete or deactivate all incoming rules for the ibaPDA / ibaDatCoordinator Client and Server.  \n- Create manual firewall rules for the connection you use for ibaPDA or ibaDatCoordinator and verify that you have the correct ports configured. Allow only the specific trusted client hosts that need access: any host the rules still permit can reach the vulnerable deserialization endpoint without authentication. Help regarding which ports the ibaPDA or ibaDatCoordinator Service uses can be found in the iba Help Center.  \n  \nImportant: After the change, verify that all ibaPDA or ibaDatCoordinator services are working as expected and that the data acquisition is functioning correctly. This mitigation only reduces network exposure and does not remove the vulnerability; updating to the fixed versions remains the actual remedy.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update to the fixed versions listed below:\n- ibaPDA v8.14.0\n- ibaDatCoordinator v4.0.7",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@iba-ag.com",
      "name": "iba AG",
      "namespace": "https://www.iba-ag.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "iba AG Product Security Advisories",
        "url": "https://www.iba-ag.com/en/security"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for iba AG",
        "url": "https://certvde.com/de/advisories/vendor/iba/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-051: iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-051"
      },
      {
        "category": "self",
        "summary": "VDE-2026-051: iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator - CSAF",
        "url": "https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json"
      }
    ],
    "title": "iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator",
    "tracking": {
      "aliases": [
        "VDE-2026-051"
      ],
      "current_release_date": "2026-06-17T12:00:00.000Z",
      "generator": {
        "date": "2026-06-17T14:29:00.878Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2026-051",
      "initial_release_date": "2026-06-17T12:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-17T12:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/>=1.0.0|<8.14.0",
                    "product": {
                      "name": "ibaPDA <8.14.0",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:iba_ag:ibapda:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "8.14.0",
                    "product": {
                      "name": "ibaPDA 8.14.0",
                      "product_id": "CSAFPID-22001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:iba_ag:ibapda:8.14.0:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ibaPDA"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:semver/>=1.0.0|<4.0.7",
                    "product": {
                      "name": "ibaDatCoordinator <4.0.7",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:iba_ag:ibadatcoordinator:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "4.0.7",
                    "product": {
                      "name": "ibaDatCoordinator 4.0.7",
                      "product_id": "CSAFPID-21002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:a:iba_ag:ibadatcoordinator:4.0.7:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ibaDatCoordinator"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "iba AG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-11001",
          "CSAFPID-11002"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-22001",
          "CSAFPID-21002"
        ],
        "summary": "Fixed products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Security Researchers"
          ],
          "organization": "tenable",
          "summary": "reporting",
          "urls": [
            "https://www.tenable.com"
          ]
        }
      ],
      "cve": "CVE-2026-8024",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-22001",
          "CSAFPID-21002"
        ],
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N - 9.3 - Critical",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict connections to localhost \n- Go to I/O Manager → General and deactivate the option \"Automatically open necessary ports in Windows Firewall.\" (If this option remains active, after a restart of ibaPDA or a restart for data acquisition, the firewall will be reconfigured automatically.)  \n- Then go to Advanced Windows Firewall settings and delete or deactivate all incoming rules for the ibaPDA Client and Server.  \n- Create manual firewall rules for the connection you use for ibaPDA and verify that you have the correct ports configured. Allow only the specific trusted client hosts that need access: any host the rules still permit can reach the vulnerable deserialization endpoint without authentication. Help regarding which ports the ibaPDA Service uses can be found in the iba Help Center.\n\nImportant: After the change, verify that all ibaPDA services are working as expected and that the data acquisition is functioning correctly. This mitigation only reduces network exposure and does not remove the vulnerability; updating to ibaPDA 8.14.0 remains the actual remedy.",
          "product_ids": [
            "CSAFPID-11001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Restrict connections to localhost \n- Go to Advanced Windows Firewall settings and delete or deactivate all incoming rules for the ibaDatCoordinator Client and Server.  \n- Create manual firewall rules for the connection you use for ibaDatCoordinator and verify that you have the correct ports configured. Allow only the specific trusted client hosts that need access: any host the rules still permit can reach the vulnerable deserialization endpoint without authentication. Help regarding which ports the ibaDatCoordinator Service uses can be found in the iba Help Center.\n\nImportant: After the change, verify that all ibaDatCoordinator services are working as expected and that the data acquisition is functioning correctly. This mitigation only reduces network exposure and does not remove the vulnerability; updating to ibaDatCoordinator 4.0.7 remains the actual remedy.",
          "product_ids": [
            "CSAFPID-11002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to ibaPDA 8.14.0",
          "product_ids": [
            "CSAFPID-11001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to ibaDatCoordinator 4.0.7",
          "product_ids": [
            "CSAFPID-11002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002"
          ]
        }
      ],
      "title": "Deserialization vulnerability in ibaPDA and ibaDatCoordinator"
    }
  ]
}