Source: OJ L 2024/2847, 20.11.2024
Recital 68 Actively exploited vulnerabilities
Actively exploited vulnerabilities concern instances where a manufacturer establishes that a security breach affecting its users or any other natural or legal persons has resulted from a malicious actor making use of a flaw in one of the products with digital elements made available on the market by the manufacturer. Examples of such vulnerabilities could be weaknesses in a product's identification and authentication functions. Vulnerabilities that are discovered with no malicious intent for purposes of good faith testing, investigation, correction or disclosure to promote the security or safety of the system owner and its users should not be subject to mandatory notification.

Severe incidents having an impact on the security of the product with digital elements, on the other hand, refer to situations where a cybersecurity incident affects the development, production or maintenance processes of the manufacturer in such a way that it could result in an increased cybersecurity risk for users or other persons. Such a severe incident could include a situation where an attacker has successfully introduced malicious code into the release channel via which the manufacturer releases security updates to users.

Definitions referenced in this recital:

- actively exploited vulnerability: a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner;
- manufacturer: a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge;
- product with digital elements: a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately;
- vulnerability: a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat;
- severe incident having an impact on the security of the product with digital elements: an incident that negatively affects or is capable of negatively affecting the ability of a product with digital elements to protect the availability, authenticity, integrity or confidentiality of data or functions;
- cybersecurity: cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881;
- incident: an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555;
- cybersecurity risk: the potential for loss or disruption caused by an incident, expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident.