| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| DVG-IRF1401, DVG-IRF1421 | IRF1000 | <= 1.6.9 |
| DVG-IRF3401, DVG-IRF3421, DVG-IRF3801. DVG-IRF3821 | IRF3000 | <= 1.3.9 |
The affected products and versions present a vulnerability due to a vulnerable integrated software component the docker runc <= 1.1.11. In the worst-case scenario, the integrated Docker container environment could be compromised, potentially enabling the execution of arbitrary code within the Docker environment or neighboring Docker containers if dockerfiles or Docker images from untrusted sources are utilized.
It's crucial to emphasize that while the Docker environment is vulnerable, the host operating system remains
unharmed due to its isolation from the Docker environment within the ads-tec products.
Using Docker images or Dockerfiles from untrusted sources poses a risk. This advice is especially pertinent for Docker use in productive operational technology (OT) environments, and it's our expectation that our customers adhere strictly to this guidance anyway.
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
In ads-tec products, Docker is integrated using a rootless mode, altering the impact of vulnerabilities. A potential attacker's ability to compromise the Docker environment is confined to the Docker user level and the writable, isolated ("chrooted") filesystem environment. As a result, while the attacker may affect all Docker containers on the system and potentially cause a denial of service (DoS) on the main operating system, they cannot directly compromise the main operating system's integrity.
Mitigation
Follow the suggestions of the Docker project:
If you are unable to update to an unaffected version promptly after it is released, follow these best practices to mitigate risk:
For users who wish to ensure their device remains secure and there is an indication that the device may have
been compromised, we recommend updating the device firmware and reinstalling all Docker images. The update process for the device will clear and reset the writable parts of the chroot filesystem environment, ensuring no remnants are left behind. This precautionary measure is advised only if there's evidence suggesting that the docker environment on the device might be compromised.
Remediation
The issue is resolved with IRF1000 version 1.6.10 and IRF3000 version 1.3.10
CERT@VDE coordinated with ADS-TEC Industrial IT