Source: OJ L 2024/2847, 20.11.2024
ENRecital 66 Notification of actively exploited vulnerabilities
Manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; should notify actively exploited vulnerabilities means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner; to ensure that the CSIRTs designated as coordinators means a CSIRT designated as coordinator pursuant to Article 12(1) of Directive (EU) 2022/2555., and ENISA, have an adequate overview of such vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; and are provided with the information necessary to fulfil their tasks as set out in Directive (EU) 2022/2555 and raise the overall level of cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; of essential and important entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; as referred to in Article 3 of that Directive, as well as to ensure the effective functioning of market surveillance authorities means a market surveillance authority as defined in Article 3, point (4), of Regulation (EU) 2019/1020;. As most products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; are marketed across the entire internal market, any exploited vulnerability means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; in a product with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; should be considered to be a threat to the functioning of the internal market. ENISA should, in agreement with the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge;, disclose fixed vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; to the European vulnerability means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; database established pursuant to Article 12(2) of Directive (EU) 2022/2555. The European vulnerability means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; database will assist manufacturers means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; in detecting known exploitable vulnerabilities means a vulnerability that has the potential to be effectively used by an adversary under practical operational conditions; in their products, in order to ensure that secure products are made available on the market.