New security vulnerabilities have been published recently, concerning processors of most current hardware devices. These processors use optimization techniques in code execution, which can lead to leakage of sensitive information.
The vulnerabilities are identified as
- CVE-2017-5754 ('Meltdown') affecting Intel processors
- CVE-2017-5753 / -5715 ('Spectre') affecting most modern processors
More in depth information can be found on https://meltdownattack.com/.
Affected devices / systems
Controllers used in OpSpace and TFN / NG-X11 systems use current Intel processors and so are affected by this vulnerabilities.Severity of these vulnerabilities is rated ‘Medium’, due to the fact that an attacker needs local access or gain access by exploiting other vulnerabilities.
OpSpace controllers
NGP-100 | Linux | affected |
NGP-200 | Linux | affected |
NGP-210 | Linux | affected |
R320 | Linux | affected |
R330 | Linux | affected |
TransForm N controllers
IBM-x3550 | Linux | affected |
R320 | Linux | affected |
R320 | Linux | affected |
NGP-124 | Linux | affected |
NGP-224 | Linux | affected |
NGP-324 | Windows | affected |
NGP-400 | Windows | affected |
NGP-410 | Windows | affected |
NGP-200 | Linux/Windows | affected |
NGP-210 | Linux/Windows | affected |
ECU-100 | Windows | affected |
ECU-110 | Windows | affected |
ECU-200 | Windows | affected |
NG-X11 controllers
NGX-200 | Linux | affected |
NGX-210 | Linux | affected |
NGX-400 | Linux | affected |
NGX-410 | Linux | affected |
Mitigations
Hardware/Firmware
Processor suppliers are working on firmware updates to mitigate the issues. These have to be integrated into BIOS updates by the suppliers of the respective mainboards. Or they can be distributed as OS kernel updates.
Operating SystemsOS suppliers are working to prevent the issues by updates in the execution of processes. Such updates will be distributed as security patches within product Patch Management.
Mitigating actions may impact performance of the systems. Updates on OS or BIOS have to be checked for any performance degradation.
Attacks based on this issues require installation of malicious code on the respective devices. Care should be taken to prevent any illegal access to systems e.g. by using strong passwords or changing passwords frequently.
Meanwhile these issues have been patched in the various security patches of the affected product lines. Please make sure to always have the latest security release installed.