VDE-2018-009

Vulnerability from csaf_pepperlfuchsse - Published: 2018-07-06 14:47 - Updated: 2018-10-23 10:00
Summary
Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices
Notes
Summary: Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system's memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre. While programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. As a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.
Impact: Pepperl+Fuchs analyzed ecom Instruments devices in respect of Meltdown and Spectre attacks. To our current knowledge only i.roc Ci70-Ex, Cx70-Ex, CT50-Ex, Pad-Ex 01, Tab-Ex 01, Smart-Ex 01, Smart-Ex 201, Ex-Handy 09, Ex-Handy 209 are potentially affected by these vulnerabilities. In order to exploit these vulnerabilities, an attacker needs to be able to execute arbitrary code on the CPU of the target system. ecom mobile devices are normally used in the corporate network. This implies that outgoing connections and local software installations have to be configured by administrators. If these steps are taken, this greatly reduces the risk of unwittingly accessing malicious content and executing unknown code, e.g. by accessing a website that was prepared by an attacker. However, if a malicious website is accessed, an attacker could gain knowledge of all data in the memory of the mobile device, including passwords.
Remediation:

### Android

**Pepperl+Fuchs** has released firmware updates for the following products:

| Product      | Date                    | Update Source |
|--------------|-------------------------|---------------|
| Smart-Ex 01  | Available since 09/2018 | FOTA-Update   |
| Smart-Ex 201 | Available since 10/2018 | FOTA-Update   |

---

### Microsoft Windows

Customers using ecom mobile devices from the following product families:

- i.roc Ci70-Ex
- Cx70-Ex
- CT50-Ex
- Pad-Ex 01

should follow these guidelines:

- If preconfigured server connections or websites exist, **restrict them to secured and trusted servers**.
- **Use secure protocols** such as HTTPS.
- Restrict end users so that they can only use the system as configured by administrators.
- General access to web pages should be protected through:
  - Kiosk mode
  - Mobile Device Management (MDM)
  - Additional security software
- Ensure that **whitelisted websites do not redirect to untrusted servers** or websites.

### Pad-Ex 01 with Microsoft Windows OS

- Microsoft offers security patches, downloadable directly from the [Microsoft website](https://www.microsoft.com).

### CT50-Ex

- Fix available in versions: `68.01.15`, `69.01.15`, `70.01.15`, `71.01.15`
- Windows 10 IoT Mobile patch from Microsoft is available.

### i.roc Ci70-Ex and Cx70-Ex

- Mitigation via security controls — see additional resources: [Windows Mobile 6.5 Network Security Guide (Honeywell)](https://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf)

**Please note:** Microsoft security patches directly affect **machine code execution on the CPU**. Installing these patches might impact **system performance** or **stability**.

---

This advisory will be updated as further details and/or software updates become available.

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix: 23.10.2018, Update A: Firmware for Android based devices now available.

Android: Pepperl+Fuchs has released firmware updates for the following products:

| Product      | Date                    | Update Source |
|--------------|-------------------------|---------------|
| Smart-Ex 01  | Available since 09/2018 | FOTA-Update   |
| Smart-Ex 201 | Available since 10/2018 | FOTA-Update   |

Vendor Fix: For Pad-Ex 01 with Microsoft Windows Operating Systems, Microsoft offers security patches which can be directly downloaded from the Microsoft website.

Vendor Fix: For CT50-Ex, fix available in 68.01.15, 69.01.15, 70.01.15, 71.01.15. Windows 10 IoT Mobile patch from Microsoft available.

Vendor Fix: For i.roc Ci70-Ex and Cx70-Ex, mitigate with security controls. See additional resources: https://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf

Acknowledgments
CERT@VDE
Google Project Zero: Jann Horn
Cyberus Technology: Werner Haas, Thomas Prescher
Graz University of Technology: Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz
University of Pennsylvania and University of Maryland: Paul Kocher, Daniel Genkin
Rambus: Mike Hamburg
University of Adelaide and Data61: Yuval Yarom

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination"
      },
      {
        "names": [
          "Jann Horn"
        ],
        "organization": "Google Project Zero",
        "summary": "discovery"
      },
      {
        "names": [
          "Werner Haas",
          "Thomas Prescher"
        ],
        "organization": "Cyberus Technology",
        "summary": "discovery"
      },
      {
        "names": [
          "Daniel Gruss",
          "Moritz Lipp",
          "Stefan Mangard",
          "Michael Schwarz"
        ],
        "organization": "Graz University of Technology",
        "summary": "discovery"
      },
      {
        "names": [
          "Paul Kocher",
          "Daniel Genkin"
        ],
        "organization": "University of Pennsylvania and University of Maryland",
        "summary": "discovery"
      },
      {
        "names": [
          "Mike Hamburg"
        ],
        "organization": "Rambus",
        "summary": "discovery"
      },
      {
        "names": [
          "Yuval Yarom"
        ],
        "organization": "University of Adelaide and Data61",
        "summary": "discovery"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Critical vulnerabilities within several CPUs have been identified by security researchers. These hardware vulnerabilities allow programs to learn about the contents of a system\u0027s memory, using side-channel attacks. Potential attack vectors against these vulnerabilities have been published and dubbed Meltdown and Spectre.\n\nWhile programs are typically not permitted to read data from the OS kernel or from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in kernel memory or the memory of other programs executed on the same CPU. \n\nAs a consequence, an exploit could allow attackers to get access to any sensitive data, including passwords or cryptographic keys.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Pepperl+Fuchs analyzed ecom Instruments devices in respect of Meltdown and Spectre attacks. To our current knowledge only i.roc Ci70-Ex, Cx70-Ex, CT50-Ex, Pad-Ex 01, Tab-Ex 01, Smart-Ex 01, Smart-Ex 201, Ex-Handy 09, Ex-Handy 209 are potentially affected by these vulnerabilities.\n\nIn order to exploit these vulnerabilities, an attacker needs to be able to execute arbitrary code on the CPU of the target system.\n\necom mobile devices are normally used in the corporate network. This implies that outgoing connections and local software installations have to be configured by administrators. If these steps are taken, this greatly reduces the risk of unwittingly accessing malicious content and executing unknown code, e.g. by accessing a website that was prepared by an attacker.\n\nHowever, if a malicious website is accessed, an attacker could gain knowledge of all data in the memory of the mobile device, including passwords.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "### Android\n\n**Pepperl+Fuchs** has released firmware updates for the following products:\n\n| Product       | Date                     | Update Source |\n|---------------|--------------------------|----------------|\n| Smart-Ex 01   | Available since 09/2018  | FOTA-Update    |\n| Smart-Ex 201  | Available since 10/2018  | FOTA-Update    |\n\n---\n\n### Microsoft Windows\n\nCustomers using ecom mobile devices from the following product families:\n\n- i.roc Ci70-Ex  \n- Cx70-Ex  \n- CT50-Ex  \n- Pad-Ex 01  \n\nshould follow these guidelines:\n\n- If preconfigured server connections or websites exist, **restrict them to secured and trusted servers**.\n- **Use secure protocols** such as HTTPS.\n- Restrict end users so that they can only use the system as configured by administrators.\n- General access to web pages should be protected through:\n  - Kiosk mode\n  - Mobile Device Management (MDM)\n  - Additional security software\n- Ensure that **whitelisted websites do not redirect to untrusted servers** or websites.\n\n### Pad-Ex 01 with Microsoft Windows OS\n\n- Microsoft offers security patches, downloadable directly from the [Microsoft website](https://www.microsoft.com).\n\n### CT50-Ex\n\n- Fix available in versions:  \n  `68.01.15`, `69.01.15`, `70.01.15`, `71.01.15`\n- Windows 10 IoT Mobile patch from Microsoft is available.\n\n### i.roc Ci70-Ex and Cx70-Ex\n\n- Mitigation via security controls \u2014 see additional resources:  \n  [Windows Mobile 6.5 Network Security Guide (Honeywell)](https://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf)\n\n**Please note:** Microsoft security patches directly affect **machine code execution on the CPU**. Installing these patches might impact **system performance** or **stability**.\n\n---\n\nThis advisory will be updated as further details and/or software updates become available.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs SE",
        "url": "https://certvde.com/en/advisories/vendor/pepperl-fuchs/"
      },
      {
        "category": "self",
        "summary": "VDE-2018-009: Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2018-009/"
      },
      {
        "category": "self",
        "summary": "VDE-2018-009: Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2018/vde-2018-009.json"
      },
      {
        "summary": "Vendor PSIRT",
        "url": "https://www.pepperl-fuchs.com"
      }
    ],
    "title": "Pepperl+Fuchs: Security advisory for MELTDOWN and SPECTRE attacks in ecom mobile Devices",
    "tracking": {
      "aliases": [
        "VDE-2018-009"
      ],
      "current_release_date": "2018-10-23T10:00:00.000Z",
      "generator": {
        "date": "2025-06-12T12:48:15.868Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2018-009",
      "initial_release_date": "2018-07-06T14:47:00.000Z",
      "revision_history": [
        {
          "date": "2018-07-06T14:47:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2018-10-23T10:00:00.000Z",
          "number": "1.1.0",
          "summary": "Firmware for Android based devices now available."
        }
      ],
      "status": "final",
      "version": "1.1.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_version",
                        "name": " 68.01.15",
                        "product": {
                          "name": "Windows 10 IoT Mobile  68.01.15",
                          "product_id": "CSAFPID-90001"
                        }
                      },
                      {
                        "category": "product_name",
                        "name": "69.01.15",
                        "product": {
                          "name": "Windows 10 IoT Mobile 69.01.15",
                          "product_id": "CSAFPID-90002"
                        }
                      },
                      {
                        "category": "product_name",
                        "name": "70.01.15",
                        "product": {
                          "name": "Windows 10 IoT Mobile 70.01.15",
                          "product_id": "CSAFPID-90003"
                        }
                      },
                      {
                        "category": "product_name",
                        "name": "71.01.15",
                        "product": {
                          "name": "Windows 10 IoT Mobile 71.01.15",
                          "product_id": "CSAFPID-90004"
                        }
                      },
                      {
                        "category": "product_version_range",
                        "name": "\u003c68.01.15",
                        "product": {
                          "name": "Windows 10 IoT Mobile \u003c68.01.15",
                          "product_id": "CSAFPID-90014"
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "10 IoT Mobile"
                  },
                  {
                    "category": "product_name",
                    "name": "Operating Systems",
                    "product": {
                      "name": "Windows Operating Systems",
                      "product_id": "CSAFPID-90005"
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "Embedded Handheld",
                    "product": {
                      "name": "Windows Embedded Handheld",
                      "product_id": "CSAFPID-90006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Windows"
              }
            ],
            "category": "product_family",
            "name": "OS"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c09/2018 FOTA-Update",
                    "product": {
                      "name": "Android \u003c09/2018 FOTA-Update",
                      "product_id": "CSAFPID-90010"
                    }
                  },
                  {
                    "category": "product_version_range",
                    "name": "\u003c10/2018 FOTA-Update",
                    "product": {
                      "name": "Android \u003c10/2018 FOTA-Update",
                      "product_id": "CSAFPID-90011"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "09/2018 FOTA-Update",
                    "product": {
                      "name": "Android 09/2018 FOTA-Update",
                      "product_id": "CSAFPID-90012"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "10/2018 FOTA-Update",
                    "product": {
                      "name": "Android 10/2018 FOTA-Update",
                      "product_id": "CSAFPID-90013"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Android"
              }
            ],
            "category": "product_family",
            "name": "OS"
          }
        ],
        "category": "vendor",
        "name": "Linux"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_family",
                "name": "CT50-Ex",
                "product": {
                  "name": "CT50-Ex",
                  "product_id": "CSAFPID-11001"
                }
              },
              {
                "category": "product_name",
                "name": "Cx70-Ex",
                "product": {
                  "name": "Cx70-Ex",
                  "product_id": "CSAFPID-11002"
                }
              },
              {
                "category": "product_name",
                "name": "Ex-Handy 09",
                "product": {
                  "name": "Ex-Handy 09",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "Ex-Handy 209",
                "product": {
                  "name": "Ex-Handy 209",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "i.roc Ci70-Ex",
                "product": {
                  "name": "i.roc Ci70-Ex",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "Pad-Ex 01",
                "product": {
                  "name": "Pad-Ex 01",
                  "product_id": "CSAFPID-11006"
                }
              },
              {
                "category": "product_name",
                "name": "Smart-Ex 01",
                "product": {
                  "name": "Smart-Ex 01",
                  "product_id": "CSAFPID-11007"
                }
              },
              {
                "category": "product_name",
                "name": "Smart-Ex 201",
                "product": {
                  "name": "Smart-Ex 201",
                  "product_id": "CSAFPID-11008"
                }
              },
              {
                "category": "product_name",
                "name": "Tab-Ex 01",
                "product": {
                  "name": "Tab-Ex 01",
                  "product_id": "CSAFPID-11009"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Pepperl+Fuchs"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31013"
        ],
        "summary": "Affected Windows Products"
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-31006",
          "CSAFPID-31008"
        ],
        "summary": "Affected Android Products"
      },
      {
        "group_id": "CSAFGID-0003",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "summary": "Fixed Windows Products"
      },
      {
        "group_id": "CSAFGID-0004",
        "product_ids": [
          "CSAFPID-32005",
          "CSAFPID-32007",
          "CSAFPID-31006",
          "CSAFPID-31008"
        ],
        "summary": "Fixed Android Products"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows 10 IoT Mobile  68.01.15 installed on CT50-Ex",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-90001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows 10 IoT Mobile 69.01.15 installed on CT50-Ex",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-90002",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows 10 IoT Mobile 70.01.15 installed on CT50-Ex",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-90003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows 10 IoT Mobile 71.01.15 installed on CT50-Ex",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-90004",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Android 09/2018 FOTA-Update installed on Smart-Ex 01",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-90012",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Android \u003c09/2018 FOTA-Update installed on Smart-Ex 01",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-90010",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Android 10/2018 FOTA-Update installed on Smart-Ex 201",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-90013",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Android \u003c10/2018 FOTA-Update installed on Smart-Ex 201",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-90011",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows Operating Systems installed on Pad-Ex 01",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-90005",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows Embedded Handheld installed on i.roc Ci70-Ex",
          "product_id": "CSAFPID-31010"
        },
        "product_reference": "CSAFPID-90006",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows Embedded Handheld installed on Cx70-Ex",
          "product_id": "CSAFPID-31011"
        },
        "product_reference": "CSAFPID-90006",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Windows 10 IoT Mobile \u003c68.01.15 installed on CT50-Ex",
          "product_id": "CSAFPID-31013"
        },
        "product_reference": "CSAFPID-90014",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5753",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31006",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "23.10.2018, Update A: \nFirmware for Android based devices now available\u00a0\nAndroid:\nPepperl+Fuchs\u00a0has released firmware updates for the following products\n| Product       | Date                 | Updatesource  |\n|---------------|----------------------|---------------|\n| Smart-Ex 01   | Available since 09/2018 | FOTA-Update   |\n| Smart-Ex 201  | Available since 10/2018 | FOTA-Update   |",
          "group_ids": [
            "CSAFGID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Pad-Ex 01 with Microsoft Windows Operating Systems, Microsoft offers security patches which can be directly downloaded from the Microsoft website.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For CT50-Ex\nFix Available in 68.01.15, 69.01.15, 70.01.15, 71.01.15\nWindows 10 IoT Mobile Patch from Microsoft Available.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For i.roc Ci70-Ex and Cx70-Ex\nMitigate w/ Security Controls \u2013 See Additional Resources\nhttps://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.6,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 5.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31006",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2017-5753"
    },
    {
      "cve": "CVE-2017-5754",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31006",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "23.10.2018, Update A: \nFirmware for Android based devices now available\u00a0\nAndroid:\nPepperl+Fuchs\u00a0has released firmware updates for the following products\n| Product       | Date                 | Updatesource  |\n|---------------|----------------------|---------------|\n| Smart-Ex 01   | Available since 09/2018 | FOTA-Update   |\n| Smart-Ex 201  | Available since 10/2018 | FOTA-Update   |",
          "group_ids": [
            "CSAFGID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Pad-Ex 01 with Microsoft Windows Operating Systems, Microsoft offers security patches which can be directly downloaded from the Microsoft website.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For CT50-Ex\nFix Available in 68.01.15, 69.01.15, 70.01.15, 71.01.15\nWindows 10 IoT Mobile Patch from Microsoft Available.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For i.roc Ci70-Ex and Cx70-Ex\nMitigate w/ Security Controls \u2013 See Additional Resources\nhttps://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.6,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 5.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31006",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2017-5754"
    },
    {
      "cve": "CVE-2017-5715",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32007"
        ],
        "known_affected": [
          "CSAFPID-31006",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31013"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "23.10.2018, Update A: \nFirmware for Android based devices now available\u00a0\nAndroid:\nPepperl+Fuchs\u00a0has released firmware updates for the following products\n| Product       | Date                 | Updatesource  |\n|---------------|----------------------|---------------|\n| Smart-Ex 01   | Available since 09/2018 | FOTA-Update   |\n| Smart-Ex 201  | Available since 10/2018 | FOTA-Update   |",
          "group_ids": [
            "CSAFGID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For Pad-Ex 01 with Microsoft Windows Operating Systems, Microsoft offers security patches which can be directly downloaded from the Microsoft website.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For CT50-Ex\nFix Available in 68.01.15, 69.01.15, 70.01.15, 71.01.15\nWindows 10 IoT Mobile Patch from Microsoft Available.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For i.roc Ci70-Ex and Cx70-Ex\nMitigate w/ Security Controls \u2013 See Additional Resources\nhttps://www.honeywellaidc.com/en/-/media/en/files-public/security-notices/windows-mobile-6_5-network-security-guide-en.pdf",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.6,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 5.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-31006",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31013"
          ]
        }
      ],
      "title": "CVE-2017-5715"
    }
  ]
}

