diff --git a/modules/test/base/base.Dockerfile b/modules/test/base/base.Dockerfile
index 6a13b42e0..bc0357d10 100644
--- a/modules/test/base/base.Dockerfile
+++ b/modules/test/base/base.Dockerfile
@@ -14,7 +14,7 @@
 
 # Builder stage
 # Image name: testrun/base-test
-FROM python:3.10-slim AS builder
+FROM python:3.13-slim AS builder
 
 ARG MODULE_NAME=base
 ARG MODULE_DIR=modules/test/$MODULE_NAME
@@ -65,7 +65,7 @@ COPY $MODULE_DIR/usr/local/etc/oui.txt /usr/local/etc/oui.txt
 RUN wget https://standards-oui.ieee.org/oui.txt -O /usr/local/etc/oui.txt || echo "Unable to update the MAC OUI database"
 
 # Operational stage
-FROM python:3.10-slim
+FROM python:3.13-slim
 
 # Install common software
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -yq net-tools iputils-ping tzdata tcpdump iproute2 jq dos2unix nmap wget procps --fix-missing
diff --git a/modules/test/conn/python/requirements.txt b/modules/test/conn/python/requirements.txt
index 0eaca2e07..25c6c5d1c 100644
--- a/modules/test/conn/python/requirements.txt
+++ b/modules/test/conn/python/requirements.txt
@@ -2,11 +2,11 @@
 # Package dependencies should always be defined before the user defined
 # packages to prevent auto-upgrades of stable dependencies
 cffi==2.0.0
-cryptography==46.0.6
-pycparser==2.22
-six==1.16.0
+cryptography==48.0.1
+pycparser==3.0
+six==1.17.0
 
 # User defined packages
-pyOpenSSL==25.3.0
+pyOpenSSL==26.2.0
 scapy==2.7.0
 python-dateutil==2.9.0.post0
diff --git a/modules/test/ntp/python/requirements.txt b/modules/test/ntp/python/requirements.txt
index dc5c39f2f..c9b5d21f4 100644
--- a/modules/test/ntp/python/requirements.txt
+++ b/modules/test/ntp/python/requirements.txt
@@ -5,5 +5,5 @@
 # User defined packages
 scapy==2.7.0
 pyshark==0.6
-aiohttp==3.13.5
+aiohttp==3.14.1
 ntplib==0.4.0
\ No newline at end of file
diff --git a/modules/test/protocol/python/requirements.txt b/modules/test/protocol/python/requirements.txt
index 4d9dc64b9..01f066d18 100644
--- a/modules/test/protocol/python/requirements.txt
+++ b/modules/test/protocol/python/requirements.txt
@@ -1,7 +1,7 @@
 # Dependencies to user defined packages
 # Package dependencies should always be defined before the user defined
 # packages to prevent auto-upgrades of stable dependencies
-bacpypes3==0.0.104
+bacpypes3==0.0.106
 colorama==0.4.6
 
 # User defined packages
@@ -11,4 +11,4 @@ BAC0==2025.9.15
 pytz==2024.2
 
 # Required for Modbus protocol tests
-pymodbus==3.7.4
+pymodbus==3.13.0
diff --git a/modules/test/protocol/python/src/protocol_modbus.py b/modules/test/protocol/python/src/protocol_modbus.py
index a722f928e..714bc79c2 100644
--- a/modules/test/protocol/python/src/protocol_modbus.py
+++ b/modules/test/protocol/python/src/protocol_modbus.py
@@ -129,8 +129,8 @@ def read_holding_registers(self,
     LOGGER.info(f'Reading holding registers: {address}:{count}')
     try:
       response = self.client.read_holding_registers(address,
-                                                    count,
-                                                    slave=device_id)
+                                                    count=count,
+                                                    device_id=device_id)
       if response.isError():
         LOGGER.error(f'Failed to read holding registers: {address}:{count}')
         LOGGER.error('Read Response: ' + str(response))
@@ -149,9 +149,9 @@ def read_input_registers(self,
     registers = None
     LOGGER.info(f'Reading input registers: {address}:{count}')
     try:
-      response = self.client.read_input_registers(address,
-                                                  count,
-                                                  slave=device_id)
+      response = self.client.read_input_registers(address=address,
+                                                  count=count,
+                                                  device_id=device_id)
       if response.isError():
         LOGGER.error(f'Failed to read input registers: {address}:{count}')
         LOGGER.error('Read Response: ' + str(response))
@@ -170,7 +170,11 @@ def read_coils(self,
     coils = None
     LOGGER.info(f'Reading coil registers: {address}:{count}')
     try:
-      response = self.client.read_coils(address, count, slave=device_id)
+      response = self.client.read_coils(
+        address=address,
+        count=count,
+        device_id=device_id
+      )
       if response.isError():
         LOGGER.error(f'Failed to read coil registers: {address}:{count}')
         LOGGER.error('Read Response: ' + str(response))
@@ -189,9 +193,9 @@ def read_discrete_inputs(self,
     inputs = None
     LOGGER.info(f'Reading discrete inputs: {address}:{count}')
     try:
-      response = self.client.read_discrete_inputs(address,
-                                                  count,
-                                                  slave=device_id)
+      response = self.client.read_discrete_inputs(address=address,
+                                                  count=count,
+                                                  device_id=device_id)
       if response.isError():
         LOGGER.error(f'Failed to read discrete inputs: {address}:{count}')
         LOGGER.error('Read Response: ' + str(response))
diff --git a/modules/test/services/python/requirements.txt b/modules/test/services/python/requirements.txt
index 02acc1e19..8e523682f 100644
--- a/modules/test/services/python/requirements.txt
+++ b/modules/test/services/python/requirements.txt
@@ -3,4 +3,4 @@
 # packages to prevent auto-upgrades of stable dependencies
 
 # User defined packages
-xmltodict==0.14.2
+xmltodict==1.0.4
diff --git a/modules/test/tls/python/requirements.txt b/modules/test/tls/python/requirements.txt
index 9d0578d6e..d45d59d12 100644
--- a/modules/test/tls/python/requirements.txt
+++ b/modules/test/tls/python/requirements.txt
@@ -2,20 +2,20 @@
 # Package dependencies should always be defined before the user defined
 # packages to prevent auto-upgrades of stable dependencies
 appdirs==1.4.4
-certifi==2024.8.30
+certifi==2026.5.20
 cffi==2.0.0
-charset-normalizer==3.3.2
-idna==3.8
-packaging==24.1
-pycparser==2.22
+charset-normalizer==3.4.7
+idna==3.18
+packaging==26.2
+pycparser==3.0
 pyshark==0.6
-termcolor==2.4.0
-urllib3==2.6.3
+termcolor==3.3.0
+urllib3==2.7.0
 
 # User defined packages
-cryptography==46.0.6
-pyOpenSSL==25.3.0
-lxml==5.1.0 # Requirement of pyshark but if upgraded automatically above 5.1 will cause a
-requests==2.33.0
+cryptography==48.0.1
+pyOpenSSL==26.2.0
+lxml==6.1.1
+requests==2.34.2
 python-nmap==0.7.1
 
diff --git a/test_vm/create_certificate.sh b/test_vm/create_certificate.sh
index 229c10a7b..9a61e8f0a 100755
--- a/test_vm/create_certificate.sh
+++ b/test_vm/create_certificate.sh
@@ -6,35 +6,42 @@ if [ -z "$1" ]; then
   exit 1
 fi
 
+if [ "$EUID" -eq 0 ]; then
+  echo "Please run this script as a normal user, not with sudo."
+  echo "The script uses Vagrant SSH and only escalates the necessary host operations when required."
+  exit 1
+fi
+
 # Save the initial working directory
 WORKDIR="$(pwd)"
 
-# Check and install sshpass if not present
-if ! command -v sshpass &> /dev/null; then
-  echo "sshpass not found. Installing..."
-  if [ -x "$(command -v apt)" ]; then
-    sudo apt update
-    sudo apt install -y sshpass
-  elif [ -x "$(command -v yum)" ]; then
-    sudo yum install -y epel-release
-    sudo yum install -y sshpass
-  elif [ -x "$(command -v brew)" ]; then
-    brew install hudochenkov/sshpass/sshpass
-  else
-    echo "Please install sshpass manually."
-    exit 1
-  fi
+if ! command -v vagrant >/dev/null 2>&1; then
+  echo "Error: vagrant command not found. Please install Vagrant and run this script from the test_vm folder."
+  exit 1
 fi
 
-VM_USER=vagrant
-VM_PASS=vagrant
 VM_IP="$1"
 CA_DIR=~/myCA
 
-SSHPASS="sshpass -p $VM_PASS"
+SSH_CONFIG_FILE="$(mktemp)"
+trap 'rm -f "$SSH_CONFIG_FILE"' EXIT
+
+if ! vagrant ssh-config > "$SSH_CONFIG_FILE" 2>/dev/null; then
+  echo "Error: failed to generate Vagrant SSH config. Run this script in a valid Vagrant VM directory."
+  exit 1
+fi
+
+SSH_HOST="$(grep -E '^Host ' "$SSH_CONFIG_FILE" | awk '{print $2}' | head -n1)"
+if [ -z "$SSH_HOST" ]; then
+  echo "Error: could not determine Vagrant SSH host from ssh-config."
+  exit 1
+fi
+
+SSH_CMD=(ssh -F "$SSH_CONFIG_FILE" -o StrictHostKeyChecking=no)
+SCP_CMD=(scp -F "$SSH_CONFIG_FILE" -o StrictHostKeyChecking=no)
 
-# 1. Generate key and CSR on VM via ssh
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "cat > /home/vagrant/openssl_ip.cnf" <<EOF
+# 1. Generate key and CSR on VM via Vagrant SSH
+"${SSH_CMD[@]}" "$SSH_HOST" "cat > /home/vagrant/openssl_ip.cnf" <<EOF
 [ req ]
 default_bits       = 2048
 prompt             = no
@@ -54,11 +61,11 @@ subjectAltName = @alt_names
 IP.1 = ${VM_IP}
 EOF
 
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "openssl req -new -nodes -out /home/vagrant/nginx_ip.csr -newkey rsa:2048 -keyout /home/vagrant/nginx_ip.key -config /home/vagrant/openssl_ip.cnf"
+"${SSH_CMD[@]}" "$SSH_HOST" "openssl req -new -nodes -out /home/vagrant/nginx_ip.csr -newkey rsa:2048 -keyout /home/vagrant/nginx_ip.key -config /home/vagrant/openssl_ip.cnf"
 
 # 2. Copy CSR and config from VM to host (current directory)
-$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/home/vagrant/nginx_ip.csr "$WORKDIR/"
-$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/home/vagrant/openssl_ip.cnf "$WORKDIR/"
+"${SCP_CMD[@]}" "$SSH_HOST":/home/vagrant/nginx_ip.csr "$WORKDIR/"
+"${SCP_CMD[@]}" "$SSH_HOST":/home/vagrant/openssl_ip.cnf "$WORKDIR/"
 
 CSR_PATH="$WORKDIR/nginx_ip.csr"
 CONF_PATH="$WORKDIR/openssl_ip.cnf"
@@ -77,8 +84,8 @@ fi
 openssl x509 -req -in "$CSR_PATH" -CA myorgca.pem -CAkey myorgca.key -CAcreateserial -out nginx_ip.crt -days 365 -sha256 -extfile "$CONF_PATH" -extensions req_ext
 
 # 5. Copy certificate and CA back to VM
-$SSHPASS scp -o StrictHostKeyChecking=no nginx_ip.crt ${VM_USER}@${VM_IP}:/home/vagrant/
-$SSHPASS scp -o StrictHostKeyChecking=no myorgca.pem ${VM_USER}@${VM_IP}:/home/vagrant/
+"${SCP_CMD[@]}" nginx_ip.crt "$SSH_HOST":/home/vagrant/
+"${SCP_CMD[@]}" myorgca.pem "$SSH_HOST":/home/vagrant/
 
 # 6. Copy myorgca.pem to initial working directory on host (if not already there)
 if [ "$WORKDIR" != "$CA_DIR" ]; then
@@ -86,11 +93,11 @@ if [ "$WORKDIR" != "$CA_DIR" ]; then
 fi
 
 # 7. Move certificates and configure nginx for SSL on VM
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/nginx_ip.crt /etc/ssl/certs/nginx_ip.crt"
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/nginx_ip.key /etc/ssl/private/nginx_ip.key"
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo mv /home/vagrant/myorgca.pem /etc/ssl/certs/myorgca.pem"
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/nginx_ip.crt /etc/ssl/certs/nginx_ip.crt"
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/nginx_ip.key /etc/ssl/private/nginx_ip.key"
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo mv /home/vagrant/myorgca.pem /etc/ssl/certs/myorgca.pem"
 
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo bash -c 'cat > /etc/nginx/sites-available/default <<EOF
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo bash -c 'cat > /etc/nginx/sites-available/default <<EOF
 server {
     listen 443 ssl;
     server_name ${VM_IP};
@@ -107,8 +114,8 @@ server {
 EOF
 '"
 
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo nginx -t"
-$SSHPASS ssh -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP} "sudo systemctl restart nginx"
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo nginx -t"
+"${SSH_CMD[@]}" "$SSH_HOST" "sudo systemctl restart nginx"
 
 echo "SSL certificate installed and nginx restarted on ${VM_IP}"
 if [ "$WORKDIR" != "$CA_DIR" ]; then
@@ -120,8 +127,8 @@ fi
 # 8. Copy nginx_ip.crt from VM to certs subdirectory in initial working directory
 CERTS_DIR="$WORKDIR/certs"
 mkdir -p "$CERTS_DIR"
-$SSHPASS scp -o StrictHostKeyChecking=no ${VM_USER}@${VM_IP}:/etc/ssl/certs/myorgca.pem "$CERTS_DIR/myorgca.pem"
-echo "nginx_ip.crt copied from VM to $CERTS_DIR/nginx_ip.crt"
+"${SCP_CMD[@]}" "$SSH_HOST":/etc/ssl/certs/myorgca.pem "$CERTS_DIR/myorgca.pem"
+echo "myorgca.pem copied from VM to $CERTS_DIR/myorgca.pem"
 
 # 9. Add myorgca.pem to trusted store on the client (Ubuntu/Debian)
 if [ -f "$CERTS_DIR/myorgca.pem" ]; then