{
  "document": {
    "acknowledgments": [
      {
        "organization": "E.ON Pentesting",
        "summary": "discovering and reporting this vulnerability and providing a proof of concept."
      }
    ],
    "aggregate_severity": {
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "An attacker can exploit multiple vulnerabilities in AvibiaLine devices to gain unauthorized access or execute a denial of service attack.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The AvibiaLine devices are a condition monitoring solution for industrial applications.",
        "title": "Product description"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. AVIBIA GMBH RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.",
        "title": "Legal Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to AVIBIA GmbH and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "AVIBIA GmbH\n\nAddress:\nBüchlerhausen 22\n51766 Engelskirchen\nGermany\n\nE-mail: info(at)avibia.de",
      "issuing_authority": "AVIBIA GmbH PSIRT is responsible for vulnerability handling across all AVIBIA GmbH products and services.",
      "name": "AVIBIA GmbH",
      "namespace": "https://www.avibia.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "AVIBIA-2026-0001 - CSAF version",
        "url": "https://www.avibia.de/.well-known/csaf/white/2026/avibia-2026-0001.json"
      },
      {
        "category": "self",
        "summary": "AVIBIA-2026-0001 - HTML version",
        "url": "https://www.avibia.de/.well-known/csaf/white/2026/avibia-2026-0001.html"
      },
      {
        "category": "external",
        "summary": "BSI-2026-0001 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/bsi-2026-0001.json"
      }
    ],
    "title": "Unauthorized access affects AvibiaLine devices",
    "tracking": {
      "aliases": [
        "BSI-2026-0001"
      ],
      "current_release_date": "2026-02-02T13:00:00.000Z",
      "generator": {
        "date": "2026-02-02T10:28:06.686Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.42"
        }
      },
      "id": "AVIBIA-2026-0001",
      "initial_release_date": "2026-02-02T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-02-02T13:00:00.000Z",
          "number": "1",
          "summary": "Initial publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "AVLE2",
                    "product": {
                      "name": "AvibiaLine AVLE2",
                      "product_id": "CSAFPID-0018",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL2"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "AVLE4",
                    "product": {
                      "name": "AvibiaLine AVLE4",
                      "product_id": "CSAFPID-0019",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL4"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "AVLE8",
                    "product": {
                      "name": "AvibiaLine AVLE8",
                      "product_id": "CSAFPID-0021",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL8"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "AVLE"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "AVLX2",
                    "product": {
                      "name": "AvibiaLine AVLX2",
                      "product_id": "CSAFPID-0023",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL-X2 V5.0"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "AVLX4",
                    "product": {
                      "name": "AvibiaLine AVLX4",
                      "product_id": "CSAFPID-0024",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL-X4 V5.0"
                        ]
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "AVLX8",
                    "product": {
                      "name": "AvibiaLine AVLX8",
                      "product_id": "CSAFPID-0026",
                      "product_identification_helper": {
                        "skus": [
                          "AVIBIAline AVL-X8 V5.0"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "AVLX"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:intdot/>=2.1.1340|<=2.1.1387",
                    "product": {
                      "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387",
                      "product_id": "CSAFPID-0027"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.1.1866",
                    "product": {
                      "name": "AvibiaLine Firmware 2.1.1866",
                      "product_id": "CSAFPID-0028",
                      "product_identification_helper": {
                        "hashes": [
                          {
                            "file_hashes": [
                              {
                                "algorithm": "sha256",
                                "value": "67DE7F19D9CC41030C82D30817FD4B95EA9C183F8482A7F325571AC709DD715F"
                              }
                            ],
                            "filename": "AVLX_HD_20260202.vlfw"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "AvibiaLine Firmware"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:intdot/>=5.0.2416|<=5.0.2486",
                    "product": {
                      "name": "AvibiaLine Configurator 5.0.2416 - 5.0.2486",
                      "product_id": "CSAFPID-0030"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "5.1.2732",
                    "product": {
                      "name": "AvibiaLine Configurator 5.1.2730",
                      "product_id": "CSAFPID-0031",
                      "product_identification_helper": {
                        "hashes": [
                          {
                            "file_hashes": [
                              {
                                "algorithm": "sha256",
                                "value": "0161933D64226AAA79306A387097E5F2843C234F0E71ADB7ECA659F34DBE9A1A"
                              }
                            ],
                            "filename": "AvibiaLine_Setup_5.1.2732.exe"
                          }
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "AvibiaLine Configurator"
              }
            ],
            "category": "product_family",
            "name": "AvibiaLine"
          }
        ],
        "category": "vendor",
        "name": "AVIBIA GmbH"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLE2 HD 5.0",
          "product_id": "CSAFPID-0043"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLE4 HD 5.0",
          "product_id": "CSAFPID-0044"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLE8 HD 5.0",
          "product_id": "CSAFPID-0046"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLX2 HD 5.0",
          "product_id": "CSAFPID-0048"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLX4 HD 5.0",
          "product_id": "CSAFPID-0049"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1340 - 2.1.1387 installed on AvibiaLine AVLX8 HD 5.0",
          "product_id": "CSAFPID-0051"
        },
        "product_reference": "CSAFPID-0027",
        "relates_to_product_reference": "CSAFPID-0026"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLE2 HD 5.0",
          "product_id": "CSAFPID-0063"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0018"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLE4 HD 5.0",
          "product_id": "CSAFPID-0064"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0019"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLE8 HD 5.0",
          "product_id": "CSAFPID-0066"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0021"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLX2 HD 5.0",
          "product_id": "CSAFPID-0068"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0023"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLX4 HD 5.0",
          "product_id": "CSAFPID-0069"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0024"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "AvibiaLine Firmware 2.1.1866 installed on AvibiaLine AVLX8 HD 5.0",
          "product_id": "CSAFPID-0071"
        },
        "product_reference": "CSAFPID-0028",
        "relates_to_product_reference": "CSAFPID-0026"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50975",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Ethernet and USB connections are not properly isolated, allowing an attacker to configure and reset the device if configuration via Ethernet is enabled and there is at least one legitimately authenticated connection active at the time of the attack.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ],
        "known_affected": [
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051"
        ],
        "known_not_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update AvibiaLine AVLX devices to firmware version 2.1.1866 or later which includes a fix for this vulnerability.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051"
          ],
          "restart_required": {
            "category": "machine",
            "details": "AvibiaLine AVLX devices will be restarted during firmware update."
          },
          "url": "https://www.avibia.de/info-center/download/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.2,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 8.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051"
          ]
        }
      ],
      "title": "Unauthenticated Access To Device Configuration"
    },
    {
      "cve": "CVE-2022-50976",
      "cwe": {
        "id": "CWE-1288",
        "name": "Improper Validation of Consistency within Input"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Resetting the device passwords using an invalid reset file causes a full device reset if the device is connected via USB.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0031"
        ],
        "known_affected": [
          "CSAFPID-0030"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update AvibiaLine Configurator to version 5.1.2730 or later which includes a fix for this vulnerability.",
          "product_ids": [
            "CSAFPID-0030"
          ],
          "url": "https://www.avibia.de/info-center/download/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0030"
          ]
        }
      ],
      "title": "Unintended Device Reset"
    },
    {
      "cve": "CVE-2022-50977",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function to switch between multiple configuration presets via HTTP does not require authentication. An attacker with access to the network could use this functionality to disrupt normal operations if there is more than one configuration preset.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051",
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ],
        "known_not_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Isolate the network from the public internet and limit access to trustworthy devices (see section \"Network Security\" in the manual).\n\nIf only one configuration preset is required remove any other presets.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "title": "Unauthenticated Configuration Switch Via HTTP"
    },
    {
      "cve": "CVE-2022-50978",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function to switch between multiple configuration presets via Modbus (TCP) does not require authentication. An attacker with access to the network could use this functionality to disrupt normal operations if there is more than one configuration preset.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051",
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ],
        "known_not_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Isolate the network from the public internet and limit access to trustworthy devices (see section \"Network Security\" in the manual).\n\nIf only one configuration preset is required remove any other presets.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.1,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "title": "Unauthenticated Configuration Switch Via Modbus (TCP)"
    },
    {
      "cve": "CVE-2022-50979",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function to switch between multiple configuration presets via Modbus (RS485) does not require authentication. An attacker with access to the RS485 bus could use this functionality to disrupt normal operations if there is more than one configuration preset.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051",
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ],
        "known_not_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Limit access to the RS485 bus to trustworthy devices.\n\nIf only one configuration preset is required remove any other presets.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.2,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "title": "Unauthenticated Configuration Switch Via Modbus (RS485)"
    },
    {
      "cve": "CVE-2022-50980",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function to switch between multiple configuration presets via CAN does not require authentication. An attacker with access to the CAN bus could use this functionality to disrupt normal operations if there is more than one configuration preset.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051",
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ],
        "known_not_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Limit access to the CAN bus to trustworthy devices.\n\nIf only one configuration preset is required remove any other presets.",
          "product_ids": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.2,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "title": "Unauthenticated Configuration Switch Via CAN"
    },
    {
      "cve": "CVE-2022-50981",
      "cwe": {
        "id": "CWE-521",
        "name": "Weak Password Requirements"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Devices are shipped without a password by default and setting a password is not enforced.",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0043",
          "CSAFPID-0044",
          "CSAFPID-0046",
          "CSAFPID-0048",
          "CSAFPID-0049",
          "CSAFPID-0051",
          "CSAFPID-0063",
          "CSAFPID-0064",
          "CSAFPID-0066",
          "CSAFPID-0068",
          "CSAFPID-0069",
          "CSAFPID-0071"
        ]
      },
      "remediations": [
        {
          "category": "no_fix_planned",
          "details": "Assign a password to the device on first use.",
          "product_ids": [
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0046",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0066",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 9,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0043",
            "CSAFPID-0044",
            "CSAFPID-0046",
            "CSAFPID-0048",
            "CSAFPID-0049",
            "CSAFPID-0051",
            "CSAFPID-0063",
            "CSAFPID-0064",
            "CSAFPID-0066",
            "CSAFPID-0068",
            "CSAFPID-0069",
            "CSAFPID-0071"
          ]
        }
      ],
      "title": "No Password By Default"
    }
  ]
}