Added thread descriptions (23fdf66f) · Commits · STAN4CRA / EN 304 621 Network Management Systems

EN-304-621.md

+11 −0

Original line number	Diff line number	Diff line
		@@ -619,6 +619,16 @@ The manufacturer shall follow the CRAs pricibles of implementing high level of c

		> Example threats can be found in the same documents suggested in the section on security requirements.

		[Recital 58] <a href="#_ref_i.1">[i.1]</a>

		- economic espionage
		- irresponsible state behaviour in cyberspace and its legislation allows
		- arbitrary access to any kind of company operations or data
		- commercially sensitive data
		- impose obligations for intelligence purposes without democratic checks and balances
		- oversight mechanisms
		- due process or the right to appeal

		\| What \| How? \| More? \|
		\| ---------------------------------------------------------------------------------------------------------------- \| ------------------------------------------------------------- \| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \|
		\| [CVE-2025-6763](https://www.cve.org/CVERecord?id=CVE-2025-6763) \| Unauthorized configration modification \| The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. \|
		@@ -633,6 +643,7 @@ The manufacturer shall follow the CRAs pricibles of implementing high level of c
		- [Nokia's advisories](https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/)
		- [Ericsson's security bulletins](https://www.ericsson.com/en/about-us/security/security-bulletins)
		- [Huawei's vulns](https://www.huawei.com/en/psirt/all-bulletins/)
		- Samsung: no publicly avaible vulnerability database.

		## C.3 Assumptions