Security Advisory

Vulnerabilities Handling

SOC-E is committed to ensuring the security of its products and services. To that end, SOC-E has formalized a process for handling reported security vulnerabilities in its product portfolio and IT infrastructure. The vulnerability handling process consists of the following three steps:

1. Report

To report a security vulnerability affecting a SOC-E product, please contact SOC-E support department  (support@soc-e.com) and provide the following information:

  • Description of vulnerability
  • How to replicate vulnerability
  • Affected product, including model and firmware version (if available)

SOC-E welcomes vulnerability reports from researchers, industry groups, CERTs, partners and any other source. SOC-E urges reporting parties to perform a coordinated disclosure, as immediate public disclosure causes a situation which puts SOC-E’s customer systems at unnecessary risk.

2. Analysis and handling

SOC-E verifies the existence of the vulnerability and analyze the changes needed to mitigate it. At this point SOC-E can provide customers with a temporary solution to the vulnerability, ranging from upgrading to a newer firmware version, to temporarily disabling the affected functionality until a permanent solution is available.

After the issue has been successfully analyzed, corresponding fixes will be developed and prepared for distribution. SOC-E will use existing customer notification processes to manage the release of patches.

3. Disclosure

SOC-E contacts with an agency participating in the CVE program to request CVE identifiers for the reported vulnerabilities. CVE is the de facto standard for uniquely identifying vulnerabilities. Once the information provided by SOC-E is processed by the agency participating in the CVE program and CVE IDs are obtained, SOC-E publishes a Security Advisory containing the following information:

  • Description of the vulnerability with CVE ID and additional information (type, impact, etc.)
  • Affected Product and software/hardware versions
  • Information on mitigating factors and workarounds
  • Credit for the discoverer of the vulnerability

Security Advisories

SOC-E’s available Security Advisories are listed below.

CVEAffected Product Code BaseDownload
CVE-2023-47574RELY-PCIe – 22.2.1, RELY-REC – 23.1.0.
CVE-2023-47573RELY-PCIe – 22.2.1.