
Summary
A data breach at MyProductSecurity’s headquarters led to the loss of stored private keys used for device certificates of Product Line X. Users of affected products are advised to provision their own, new key material to their devices and remove potentially leaked manufacturer certificates.
Technical Details
Affected Products: Product Line X
Serial Numbers: 435245 – 94523
Risk: Installed device certificates are used to encrypt communication, e.g. the HTTPS web interface. Attackers who possess potentially stolen private keys might successfully carry out man-in-the-middle attacks on the HTTPS connections.
Recommended Actions
Default manufacturer certificates installed on these devices need to be considered insecure / leaked. It is recommended to replace the installed certificates with ones generated from the customer’s PKI. A list of potentially leaked certificates will be provided upon request in CRL format.
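
One way to use the CRL-format list to find devices that still serve a manufacturer certificate, shown as an added example that is not part of the original advisory or the vendor's tooling. It assumes the CRL has been dumped with `openssl crl -noout -text` and each device's certificate serial collected with `openssl x509 -noout -serial`; the host names, issuer and certificate serials below are constructed placeholders.

```python
import re

# Constructed sample of `openssl crl -in leaked.crl -noout -text` output.
# Issuer and certificate serials are placeholders, not values from the advisory.
SAMPLE_CRL_TEXT = """\
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Issuer: CN = Example Manufacturer Device CA
Revoked Certificates:
    Serial Number: 0A1B2C
        Revocation Date: Jan  1 00:00:00 2024 GMT
    Serial Number: 7F00D3
        Revocation Date: Jan  1 00:00:00 2024 GMT
"""

# Constructed inventory: host -> output of
# `openssl x509 -in device.pem -noout -serial` for the certificate it serves.
SAMPLE_INVENTORY = {
    "device-a.example": "serial=0a1b2c",
    "device-b.example": "serial=00:7F:00:D3",
    "device-c.example": "serial=5510EE",  # already re-provisioned from own PKI
}

def normalize_serial(text):
    """Parse 'serial=0A:1B', '0a1b' or '0x0A1B' to an int, so case, colons
    and leading zeros cannot hide a match."""
    value = text.strip().split("=", 1)[-1].replace(":", "").replace(" ", "")
    if value.lower().startswith("0x"):
        value = value[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", value):
        raise ValueError(f"not a hex certificate serial: {text!r}")
    return int(value, 16)

def revoked_serials(crl_text):
    """Collect certificate serials listed under 'Revoked Certificates:'."""
    serials, in_list = set(), False
    for line in crl_text.splitlines():
        if line.strip() == "Revoked Certificates:":
            in_list = True
        elif in_list:
            match = re.match(r"\s*Serial Number:\s*([0-9A-Fa-f:]+)\s*$", line)
            if match:
                serials.add(normalize_serial(match.group(1)))
    return serials

def devices_with_leaked_cert(inventory, crl_text):
    """Hosts whose served certificate serial appears in the CRL.
    Serials are unique only per issuer, so the inventory should contain
    only certificates issued by the CA named in the CRL's Issuer line."""
    leaked = revoked_serials(crl_text)
    return sorted(h for h, s in inventory.items() if normalize_serial(s) in leaked)
```

The certificate serials matched here are distinct from the device serial numbers listed under Technical Details.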