CVE-2024-55959 - Insecure permissions on private key file generated by the Mender Client
A customer recently notified us of a security issue in Mender. On some versions, mender-auth generates private key files with non-strict file permissions.
Categories
Recent posts
View all
Challenges in complying with the EU Cyber Resilience Act (CRA)
Discover how manufacturers can achieve Cyber Resilience Act (CRA) compliance by tackling secure updates, SBOM management, and vulnerability tracking with robust OTA solutions.
An overview of EU Cyber Resilience Act (CRA) compliance
Learn how the EU Cyber Resilience Act (CRA) enforces stringent cybersecurity requirements for PDEs. Explore compliance essentials in part 1 of a 4-part series.
The scope of EU Cyber Resilience Act (CRA) compliance
Explore the scope of the EU Cyber Resilience Act (CRA). Learn about the CRA's scope, and why secure OTA updates are essential for compliance.
Proactive strategies to overcome EU CRA compliance challenges
Discover proactive strategies to navigate EU Cyber Resilience Act (CRA) compliance. Learn how to ensure long-term success.
Mender versioning: New releases by component
Explore Mender's shift to independent component releases and versioning, designed to enhance update speed and user clarity.
Driving secure innovation: ISO/SAE 21434 & UNECE compliance
ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
Recent posts in IOT & OTA
View all
Why is a robust over-the-air (OTA) update process critical in today’s digital age?
Lessons learned from Crowdstrike: organizations must embed digital resilience throughout their device management lifecycle.
How to leverage over-the-air (OTA) updates with NVIDIA Microservices for Jetson
Mender, in collaboration with NVIDIA, published two critical use cases, providing a step-by-step guide to over-the-air (OTA) updates with NVIDIA Jetson.
Software-defined vehicles: an ecosystem approach & OTA strategy
Learn how the automotive industry is shifting towards software-defined vehicles with an ecosystem approach and OTA strategy, embracing open source solutions for innovation and efficiency.
4 challenges to ensure seamless OTA updates across smart vehicle fleets
Explore the challenges faced by automakers in ensuring seamless OTA updates across smart vehicle fleets. Learn how to overcome safety, cybersecurity, compliance, and bandwidth issues effectively.
Driving Towards the Future: The Role of OTA Updates in Autonomous Vehicles
With the rise of autonomous vehicles, the automotive industry is experiencing a monumental transformation. As stated on Forbes, “Embarking on this industri
Monitoring a Fleet of IoT Devices: Key Areas of Focus
With the widespread adoption of IoT devices and their integration into critical infrastructure, safeguarding the security of these devices has become a par
Recent posts in customer story
View all
Enhancing maritime security and connectivity: The critical role of OTA updates in fleet management
Explore the critical role of OTA updates in maritime fleet management, ensuring enhanced security, performance, and continuous connectivity across vessels.
Enhancing sustainability in oil & gas: Tackling methane emissions with cutting edge solutions
Discover how Kuva Systems overcame challenges in managing methane emission monitoring cameras in the oil & gas industry with advanced OTA updates and remote troubleshooting.
How over-the-air (OTA) updates help emergency response teams
Discover how over-the-air (OTA) updates revolutionize emergency response teams, ensuring secure and seamless device maintenance and functionality in critical situations.
Enhancing mobility and safety for citizens: a smarter power wheelchair can increase the user's independence and real-world technology inclusion
Users of conventional power wheelchairs can face some significant challenges, including avoiding collisions, drop-offs, and tips. Kevin Lannen, Senior Embe
Revolutionizing agriculture with autonomous robots & OTA software updates
Explore how Agrointelli pioneers autonomous farming with their versatile robots like the ROBOTTI, using Mender OTA updates to future proof and keep embedded systems online.
Autonomous guided vehicles, embedded & OTA software updates
Christoph Tietz, Manager, Connectivity, ZF on the role of OTA software updates in autonomous guided vehicles
Recent posts in product news
View all
Mender versioning: New releases by component
Explore Mender's shift to independent component releases and versioning, designed to enhance update speed and user clarity.
What’s New in Mender 3.7: Introducing the C++ Client for portability
Mender 3.7 includes all the features published on hosted Mender over the last few months as part of our continuous development and rolling release process.
Mender 3.6: Auto-generation of delta updates
Mender 3.6 is released, including all the features published on Hosted Mender in the last few months as part of our continuous development and rolling rele
Mender 2022: a year in numbers
Over-the-air (OTA) software updates continue to play a crucial role as technology continues to innovate and more devices are added to the connected, smart
Mender announces new partnership with Unikie
We are pleased to announce a new partnership with Unikie. This partnership will enable key parts of secure device lifecycle management for Unikie's end cus
Mender 3.4 on-prem release: integrate Mender with AWS IoT Core and other backend services
Today Mender 3.4 is released, including all the features we published on Hosted Mender in the last few months as part of our continuous development and rol
Recent posts in engineering
View all
How to leverage over-the-air (OTA) updates for NVIDIA Jetson Platform Services
To enable software installation, updates, management, and support across the Jetson device fleet and at scale – Mender, in collaboration with NVIDIA, published three critical use cases for NVIDIA developers.
First alpha version of Mender C++ client released
We have reached the first milestone of the Mender client rewrite to C++: the first alpha version is now available! There are still a lot of features missin
Mender OTA on the ESP32, Part 2
In the second of a two-part blog series, Josef Holzmayr, Head of Developer Relations, examines how community member Joël Guittet developed an integration f
Over-the-air (OTA) integration: Variscite VAR-SOM-MX8M-MINI and Yocto Kirkstone
The VAR-SOM-MX8M-MINI offers the latest video and audio experience, combining state-of-the-art media-specific features with high-performance processing opt
Over-the-air (OTA) integration: Renesas RZ/G2L and Yocto 3.1 Dunfell
A guide for embedded hardware designers and developers to deploy and manage OTA software updates to a fleet of devices, using Renesas RZ/G2L and Yocto 3.1 Dunfell integrations.
Mender OTA on the ESP32, Part 1
The “DNA” of Mender has two core ingredients: first, care about connected device security and second, care for the users responsible for device management.
Recent posts in cybersecurity
View all
Driving secure innovation: ISO/SAE 21434 & UNECE compliance
ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
Understanding the EU Cyber Resilience Act (CRA): Why it matters and how to comply
The EU Cyber Resilience Act (CRA) was enacted in October 2024 and has impacted products with digital elements on the European market. Learn why CRA compliance is essential for manufacturers, the penalties for noncompliance, and how to meet the Act's cybersecurity standards.
Recent posts in events
View all
Key takeaways from embedded world North America 2024
The Mender team attended the first embedded world in North America to connect with industry leaders and discuss insights on IoT compliance, the CRA, RTOS vs. Linux for IoT, and the importance of secure OTA update orchestration.
What’s hot in the open source and embedded community?
AI, robotics, IoT, AVs, and more – 2024 is proving to be an exciting year for technology. And the open source and embedded tech community is no exception.
Transforming business: It’s “All On” for the future of IoT
Insights from CES 2024 Billed as “the most powerful tech event in the world,” CES 2024 brought together more than 135 thousand attendees and four thousand
Full speed ahead: The software-defined vehicle of the future
Distinguished panelists discuss infotainment and entertainment services for the software-defined vehicle. Automotive OEMs must innovate to move towards a s
The Future of the Embedded Linux Ecosystem
Insights from the Linux Plumbers Conference 2023 The global Linux market is forecasted to reach $15.64 trillion by 2027, and commands usage among nearly ha
The Power of Embedded Open Source: EOSS 2023 Takeaways
Last week, Northern.tech, the company behind Mender, participated in the Embedded Open Source Summit (EOSS) in Prague, connecting with attendees and presen
Recent posts in CVE
View all
CVE-2024-55959 - Insecure permissions on private key file generated by the Mender Client
A customer recently notified us of a security issue in Mender. On some versions, mender-auth generates private key files with non-strict file permissions.
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server
Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups
A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
CVE-2024-37019 - Account takeover using SAML
CVE-2024-37019 is an account-takeover vulnerability in Mender Enterprise which was fixed in versions 3.6.4 and 3.7.4.
CVE-2022-45929 & CVE-2022-41324 — Improper access control for low-privileged users
We recently discovered vulnerabilities in Mender Enterprise which relate to access control. Low-privileged read-only users had access to editing settings they were not supposed to edit and see potentially sensitive information which was not necessary.
CVE-2022-32290 - Mender Client listening on all the interfaces
We recently discovered a vulnerability in the Mender Client versions 3.2.0, 3.2.1, and 3.2.2. The client listens on a random, unprivileged TCP port and exp
Learn more about Mender
Explore our Resource Center to discover more about how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices.
