https://www.jsof-tech.com/ripple20/
What a mess.
More to come...
Ripple20 crap show
Schneider Electric
IP VFD anyone? Should be a treat to firmware upgrade those...
Andover Continuum for bonus points!
EcoStruxure Building SmartX IP Controllers. Double word score!
UPSs, PDUs, protocol gateways, it just goes on and on with most listed as "All Versions". Aka we haven't fixed this yet.
https://download.schneider-electric.com ... 020-175-01
Eaton
Bunch of power grid stuff. Get your generator before they become impossible to find???
https://www.eaton.com/content/dam/eaton ... pple20.pdf
Digi International
https://www.digi.com/resources/security
Cisco
Anyone surprised at this point?
https://tools.cisco.com/security/center ... k-JyBQ5GyC
Dell
https://www.dell.com/support/article/en ... es?lang=en
Caterpillar
Mum's the word over there, but I would have to think generators possibly.
https://www.cat.com/en_US/support/techn ... isory.html
Intel
Because they couldn't write their own?
https://www.intel.com/content/www/us/en ... 00295.html
Sounds like some of this code is buried in silicon, might be no fixing that. Intel seems to be the management crap built into motherboards that cannot be turned off in many cases. Part of the Dell issue as well. Yea!
Just the tip of the iceberg I suspect. This is just a hand-picked group that hit me as players in our space. By no means a complete list as of today.
Wondering if Honeywell can top the number of affected BMSish devices over SE. Thinking of all their wifi resi gear, several product lines, might be able to do it. Will be interesting to watch.
Nice to see SE at least has announced what's affected. Not a small feat from the looks of it. How long it takes to fix is another story.
There are certainly RnD teams in our space working overtime right now. Seeing how quickly this gets addressed will speak volumes IMO.
Re: Ripple20 crap show
Far as Intel goes I was recently shocked when I learned you could not only not get an Intel branded motherboard any more but they also recently dropped all support for the ones they made in the past. Seems to be an Apple move, they are cutting off edge products and focusing on core business. This was probably more of the same, why do it if we can just buy it. I'm also vaguely unsettled in what's going on with Intel Management Engine, that seems like a potential minefield. Something that's on all the time, even when the computer's off.
I used to work at datacenters, I've never seen anything CAT that had a network jack on it. Not even their Modbus registers have changed in a decade. Maybe they have a genset aggregator panel that they can throw in as a value add?
Looking at what these chipsets and software do, they seem a little too intelligent for most BMS controls. I bet we don't find many of them out there.
Re: Ripple20 crap show
> Maxburn wrote (Mon Jul 06, 2020 2:27 pm):
> Far as Intel goes I was recently shocked when I learned you could not only not get an Intel branded motherboard any more but they also recently dropped all support for the ones they made in the past. Seems to be an Apple move, they are cutting off edge products and focusing on core business. This was probably more of the same, why do it if we can just buy it. I'm also vaguely unsettled in what's going on with Intel Management Engine, that seems like a potential minefield. Something that's on all the time, even when the computer's off.
Yep and this is the second or third major round with their management crap. Been a real PITA to get these patches from 3rd party vendors as well once the system is a few years old.
Something CAT must have an Ethernet or wifi port on it. Gensets were the first that came to mind. Maybe engine management on large ships or equipment. Could see ships/etc having a service plan that the engine OEM has some service package offering with remote monitoring. Seen some pretty fancy large generators but don't remember all the deets on the available interfaces. Even if it had IP, would have to have some compelling reason to use that over 485. This kind of BS being a large portion of not wanting it. Getting answers from CAT in a timely fashion as the controls outfit? Muhaha! Have enough of a handful dealing with our control products and keeping current with the issue of the day. Now I want to add all the other crazy crap that might have an IP port?!? #2 pencil in the eye till it hits the back of my skull. Has Belimo commented on their valves with IP yet? It's getting more important to keep everything current and the number of IP devices coming to market is skyrocketing. Perfect storm, just a matter of time.
Use rack mounted servers? I know we had stuff out there that ended up with the prior round of crap. It's built down in a secondary unheard of processor that basically gets the main Intel processor started at turn on. It's always running, it has access to everything with God-like privilege. It was pretty prevalent among the typical machines that would end up in commercial settings. Last I knew, it cannot be disabled either. Security Now covered the last round. Off memory one good workaround SG mentioned is this management BS only listens on the primary Ethernet port if there is more than one. So just don't use it.
BIOS upgrades on these aren't something I like. Last time I had one hang on a system that needed to be back up. Got lunch, came back an hour later...no change. Pulled power and rebooted. It failed back to its prior BIOS and fired back up as luck would have it. Swallowed it on the second attempt. Had a second identical machine onsite. Still, this is not the excitement I really want to deal with on a regular basis for every random device we tie into our system.