Share: Email | Twitter

ID

VDE-2018-003

Published

2018-03-23 10:43 (CET)

Last update

2018-03-23 10:43 (CET)

Vendor(s)

PHOENIX CONTACT GmbH & Co. KG

Product(s)

Article No° Product Name Affected Version(s)
AXC 3051 <= current version
2404267 AXC F 2152 <= current version
BL2 BPC 1000 <= current version
BL2 BPC 2000 <= current version
BL2 BPC 7000 <= current version
BL2 PPC 1000 <= current version
BL2 PPC 2000 <= current version
BL2 PPC 7000 <= current version
BL BPC 2000 <= current version
BL BPC 2001 <= current version
BL BPC 3000 <= current version
BL BPC 3001 <= current version
BL BPC 7000 <= current version
BL BPC 7001 <= current version
BL PPC 1000 <= current version
BL PPC12 1000 <= current version
BL PPC15 1000 <= current version
BL PPC15 3000 <= current version
BL PPC15 7000 <= current version
BL PPC17 1000 <= current version
BL PPC17 3000 <= current version
BL PPC17 7000 <= current version
BL PPC 7000 <= current version
BL RACKMOUNT 2U <= current version
BL RACKMOUNT 4U <= current version
DL PPC15 1000 <= current version
DL PPC15M 7000 <= current version
DL PPC18.5M 7000 <= current version
DL PPC21.5M 7000 <= current version
EL PPC 1000 <= current version
EL PPC 1000/M <= current version
EL PPC 1000/WT <= current version
TP 3000 <= current version
TP 3000/P <= current version
TP 3000/WT <= current version
TPM 3000 <= current version
VALUELINE IPC <= current version
VL2 BPC 1000 <= current version
VL2 BPC 2000 <= current version
VL2 BPC 3000 <= current version
VL2 BPC 7000 <= current version
VL2 BPC 9000 <= current version
VL2 PPC 1000 <= current version
VL2 PPC12 1000 <= current version
VL2 PPC 2000 <= current version
VL2 PPC 3000 <= current version
VL2 PPC 7000 <= current version
VL2 PPC7 1000 <= current version
VL2 PPC 9000 <= current version
VL2 PPC9 1000 <= current version
VL BPC 1000 <= current version
VL BPC 2000 <= current version
VL BPC 3000 <= current version
VL IPC P7000 <= current version
VL PPC 2000 <= current version
VL PPC 3000 <= current version
WP 3000 <= current version

Summary

Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems.

The information in this advisory is based on the statements of respective manufacturers.

Vulnerabilities



Last Update
Sept. 22, 2019, 12:44 p.m.
Weakness
Information Exposure (CWE-200)
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Last Update
Sept. 22, 2019, 12:44 p.m.
Weakness
Information Exposure (CWE-200)
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Last Update
Sept. 22, 2019, 12:44 p.m.
Weakness
Information Exposure (CWE-200)
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Impact

Microprocessors from Intel and AMD using the x86 architecture and some microprocessors using the ARM, PowerPC, and MIPS architecture may be susceptible to a group of attacks named Meltdown and Spectre. These attacks may lead to a (complete) disclosure of information in the memory of systems. Integrity and availability are not affected, but information gained using these weaknesses may be used in further attacks.

Meltdown [CVE-2017-5754] allows reading the complete memory of the attacked system using a specifically crafted executable code.

Spectre [version 1: CVE-2017-5753, version 2: CVE-2017-5715] allows reading the memory of other processes using a specifically crafted executable code or dynamic code as used in web browsers.

Only those systems can be affected that allow the installation/execution of custom code or load dynamic contents from foreign/untrusted sources. If only the root/administrative user can install/execute custom code, no additional risk exists, as the root/administrative user can read the information without exploiting this vulnerability. If a web browser can be used to view foreign web pages, the Spectre attack must be considered.

Systems that do not allow installation/execution of custom code are not affected.

Solution

On Industrial PCs and HMIs that operate with user installable or upgradable operating systems (mainly Windows) the latest version or update may be installed if required in the use case. As the update may have a performance impact, the application should be tested accordingly.

Reported by

Jann Horn (Google Project Zero), Werner Haas, Thomas Prescher (Cyberus Technology), Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology) published the Meltdown attack on https://meltdownattack.com/.

Jann Horn (Google Project Zero) and Paul Kocher, Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61) published the Spectre attack on https://meltdownattack.com/.

PHOENIX CONTACT reported this vulnerability to CERT@VDE.