Important announcement to customers who are using Pro-face Industrial PC products and Smart portal SP5000 Series Open BOX module
Thank you very much for your continuous use of Pro-face products.
We are aware of a security vulnerability in a wide range of Intel CPUs that may allow information disclosure. If exploited, the Microarchitectural Data Sampling (MDS) vulnerability, also named ZombieLoad, FallOut, and RIDL, would allow a malicious user who can locally execute code on a system to collect and analyze large amounts of protected data.
Pro-face continues to assess the MDS vulnerability impact on our offers. In the meantime, we advise customers to refer immediately to Intel's security updates webpage for further information and guidance.
Description of the Issue
Desktop, laptop, and virtual computers could be affected by the MDS vulnerability.
Please refer to Intel's MDS table in the Deep Dive: CPUID Enumeration and Architectural MSRs (link is external) for a list of Intel processors that might be affected by MDS. Proof of concept exploit code has already been made public by the researchers who discovered this issue.
CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 are the official vulnerability references for the MDS vulnerabilities.
Products Affected
Smart Portal
Product Name | SP5000 Series |
---|---|
Product Module | Open BOX Module (SP-5B40, SP-5B41) |
Industrial Personal Computer (IPC)
Product Name | PS5000 Series, PS4000 Series |
---|
Recommended Mitigations
Please note that as of the date of this publication, it is unclear whether the initial mitigations proposed by Intel will affect systems performance. Therefore, we recommend proceeding with caution if customers decide to apply patches to critical and/or performance-constrained systems. If customers elect to apply recommended patches and/or mitigations, we strongly recommend evaluating the impact of those measures in a Test and Development environment or on an offline infrastructure.
Pro-face continues to monitor and track vendor research into this vulnerability to determine appropriate actions to be taken. We advise customers to refer immediately to Intel’s Security Center webpage for further information and guidance:
- Microarchitectural Data Sampling Advisory
- Deep Dive: Intel Analysis of Microarchitectural Data Sampling
More References:
Questions
If you have any questions, please contact Technical Support.