Meltdown and Spectre Vulnerability

Issue:

Meltdown and Spectre vulnerability that includes CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3640 and CVE-2018-3639.
The Meltdown vulnerability allows an attacker to bypass the hardware barriers between memory and applications running on the computer, which can allow an attacker to access data, passwords and crypto-keys.
The Spectre vulnerability breaks the isolation between applications that otherwise would be deemed error-free programs. This induces a program to leak its secrets and data using other processes within the memory to access the application.

Solution:

To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product may be affected by these vulnerabilities, the majority of Perle products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them.

Perle IOLAN Serial Terminal Servers are, by default, closed systems. However, they are considered potentially vulnerable if a user has written and installed their own custom code, using the Perle Software Development Kit, that allows an unprivileged local attacker to take advantage of speculative execution instructions on modern microprocessor architectures to perform side-channel information disclosure attacks.

Perle recommends customers review Device Plug-ins that they have written and installed, using the Perle SDK, for vulnerabilities. If you are using a Device Plug-in supplied by Perle the system is closed and therefore not vulnerable.

Products Vulnerable only if users install their own custom code:
IOLAN DS / DG IOLAN SDS / SDG
IOLAN TS / TG IOLAN STS / STG
IOLAN SCS

Products Confirmed Not Vulnerable:
Industrial Ethernet Switches
Fiber Media Converters
Ethernet Copper Extenders
Serial and Parallel PCI Cards
Industrial Power Supplies
SFP and XFP Optical Transceiver Modules
Remote Power Switches
PoE+ Injectors
Serial to Fiber Converters
PSI-MODEM-SHDSL/SERIAL to Copper Extenders
PSM-ME-RS232/RS232-P Serial Isolators
PSM-ME-RS232/RS485-P Serial Interface Converters
PSM-ME-RS485 Repeater
TC EXTENDER 2001 ETH-2S
Surge Protectors


Article ID:
635
Published:
6/7/2018 10:05:23 AM
Last Modified:
6/7/2018 10:22:13 AM
Keywords:
Meltdown, Spectre, Vulnerability, CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639