Vulnerability in the applications SOMED and KS of the Federal Statistical Office FSO
Swiss Health Sector
NTCF: NTCF-2023-68873
Product: SOMED
Vendor: Federal Statistical Office
Criticality: high
Status: fixed
Discovered: 2023-07-26
Detail: Public
Description
A vulnerability in the authentication process on the Federal Statistical Office's SOMED and KS applications, which are used to collect statistical data in the healthcare sector, allowed unauthorised access to the platforms.
In accordance with the NTC Vulnerability Disclosure Policy, no technical details about this vulnerability will be publicly disclosed. Further details may be provided on a case-by-case basis. Please use the contact form and provide an explanation for your request.
The Federal Statistical Office (FSO) immediately acknowledged the vulnerability and fixed it. Users do not need to take any further action.
According to the FSO, there is no indication that the vulnerability has been exploited by malicious actors.
Users have been informed about the vulnerability and the measures taken in a public announcement:
https://www.bfs.admin.ch/bfs/de/home/statistiken/gesundheit/erhebungen/somed/applikation-hilfe-benutzer.assetdetail.28945989.html
Timeline
2023-07-26: initial discovery
2023-07-26: first contact to vendor
2023-07-26: private disclosure to vendor
2023-09-20: fix by vendor
2023-10-25: public disclosure