[Solved] Impact of ‘Meltdown’ and ‘Spectre’ vulnerabilities on Barco Operator Experience systems

Article number: [5864] - Legacy code: [6310]

Applicable to

New security vulnerabilities have been published recently, concerning processors of most current hardware devices. These processors use optimization techniques in code execution, which can lead to leakage of sensitive information.

 

The vulnerabilities are identified as

  • CVE-2017-5754 ('Meltdown') affecting Intel processors
  • CVE-2017-5753 / -5715 ('Spectre') affecting most modern processors

More in depth information can be found on https://meltdownattack.com/.

 

Affected devices / systems

Controllers used in OpSpace and TFN / NG-X11 systems use current Intel processors and so are affected by this vulnerabilities.Severity of these vulnerabilities is rated ‘Medium’, due to the fact that an attacker needs local access or gain access by exploiting other vulnerabilities.

 OpSpace controllers

NGP-100Linuxaffected
NGP-200Linuxaffected
NGP-210Linuxaffected
R320Linuxaffected
R330Linuxaffected

TransForm N controllers

IBM-x3550Linuxaffected
R320Linuxaffected
R320Linuxaffected
NGP-124Linuxaffected
NGP-224Linuxaffected
NGP-324Windowsaffected
NGP-400Windowsaffected
NGP-410Windowsaffected
NGP-200Linux/Windowsaffected
NGP-210Linux/Windowsaffected
ECU-100Windowsaffected
ECU-110Windowsaffected
ECU-200Windowsaffected

NG-X11 controllers

NGX-200Linuxaffected
NGX-210Linuxaffected
NGX-400Linuxaffected
NGX-410Linuxaffected

 

Mitigations

Hardware/Firmware
Processor suppliers are working on firmware updates to mitigate the issues. These have to be integrated into BIOS updates by the suppliers of the respective mainboards. Or they can be distributed as OS kernel updates.

Operating SystemsOS suppliers are working to prevent the issues by updates in the execution of processes. Such updates will be distributed as security patches within product Patch Management.

Mitigating actions may impact performance of the systems. Updates on OS or BIOS have to be checked for any performance degradation.

Attacks based on this issues require installation of malicious code on the respective devices. Care should be taken to prevent any illegal access to systems e.g. by using strong passwords or changing passwords frequently.

Meanwhile these issues have been patched in the various security patches of the affected product lines. Please make sure to always have the latest security release installed.

Properties

Last updated Jun 14, 2022