The Security Advisory lists identified risks and vulnerabilities in Hilscher products.
If you consider the actual impact of a particular vulnerability on your own product, please regard the overall context.
Security Advisory
| Security Advisory | Reporter | Affects | Not affected | Impact | CVSS | Severity | Last modified |
|---|---|---|---|---|---|---|---|
| 2021-12-17 Vulnerability of Log4j | CVE-2021-44228 | not affected | CIF, COM, cifX, comX, netX, netIC, netJACK, netRAPID, netTAP, netHOST, netSWITCH, netLINK MPI & Proxy, netFIELD Device, Smartwire Gateways netX/cifX toolkit and CIF / CifX device drivers Sycon32, Sycon.net, Communication Studio, DTM Library, DeviceLibrary, netHOST Tool, Ethernet Device Configuration, netX Configuration Tool, DeviceExplorer netANALYZER netFIELD.io / netFIELD CLOUD netFIELD Device Manager netFIELD App PROFINET / EtherCAT Tap netFIELD App PROFINET Device netFIELD App Platform Connector netFIELD App OPC UA Client netFIELD App Edge Monitor | None | 0 | NONE |
|
| 2020-12-03 Denial of Service vulnerability in PROFINET IO Device | Internal | Hilscher PROFINET IO Device prior V3.14.0.7 | - | Denial-Of-Service | 7.5 | HIGH |
|
| 2019-08-08 EtherNet/IP stack crash for specific CIP service | Internal | Hilscher EtherNet/IP Adapter V2 prior to V2.13.0.21 | - | denial-of-service, remote code execution | 7.5 | HIGH |
|
| 2019-04-15 Hilscher webserver memory corruption vulnerability | Internal | Hilscher servX Webserver component V1.3.8.0, V1.3.9.0, V1.3.10.0, V1.3.11.0, V1.4.0.0, V1.6.0.0 | denial-of-service, remote code execution | 7.4 | HIGH |
| |
| 2019-04-10 Wrong handling of the UDP checksum | Internal | All Hilscher rcX RTOS versions prior to V2.1.14.1 | rcX V2.1.14.1 | denial-of-service | 4.6 | MEDIUM |
|
| 2020-09-07 Ripple20 Impacts on LwIP / Hilscher TCP | CVE-2020-11896/CVE-2020-11898 | not affected | Hilscher TCP, LwIP | None | 0 | NONE |
|
| 2020-04-28 Side channel vulnerability of ECDSA key generation | CVE-2019-18222 | Hilscher mbedTLS prior to V1.2.0.0 | Hilscher mbedTLS V1.2.0.0 | Private Key Recovery, Forging | 4.7 | MEDIUM | |
| 2018-03-02 Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism | netX4000, netX4100 | other | confidentiality loss | 4.7 | MEDIUM |
Overview
Content Tools