Beta

Source: OJ L 2024/2847, 20.11.2024

EN

Recital 68 Actively exploited vulnerabilities

Actively exploited vulnerabilities means a vulnerability for which there is reliable evidence that a malicious actor has exploited it in a system without permission of the system owner; concern instances where a manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; establishes that a security breach affecting its users or any other natural or legal persons has resulted from a malicious actor making use of a flaw in one of the products with digital elements means a software or hardware product and its remote data processing solutions, including software or hardware components being placed on the market separately; made available on the market by the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge;. Examples of such vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; could be weaknesses in a product’s identification and authentication functions. Vulnerabilities means a weakness, susceptibility or flaw of a product with digital elements that can be exploited by a cyber threat; that are discovered with no malicious intent for purposes of good faith testing, investigation, correction or disclosure to promote the security or safety of the system owner and its users should not be subject to mandatory notification. Severe incidents having an impact on the security of the product with digital elements means an incident that negatively affects or is capable of negatively affecting the ability of a product with digital elements to protect the availability, authenticity, integrity or confidentiality of data or functions;, on the other hand, refer to situations where a cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; affects the development, production or maintenance processes of the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; in such a way that it could result in an increased cybersecurity risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; for users or other persons. Such a severe incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; could include a situation where an attacker has successfully introduced malicious code into the release channel via which the manufacturer means a natural or legal person who develops or manufactures products with digital elements or has products with digital elements designed, developed or manufactured, and markets them under its name or trademark, whether for payment, monetisation or free of charge; releases security updates to users.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod