Notice Important Notice

Important announcement to customers who are using Pro-face Industrial PC products and Smart portal SP5000 Series Open BOX module

Posted: May 28, 2019

Thank you very much for your continuous use of Pro-face products.

We are aware of a security vulnerability in a wide range of Intel CPUs that may allow information disclosure. If exploited, the Microarchitectural Data Sampling (MDS) vulnerability, also named ZombieLoad, FallOut, and RIDL, would allow a malicious user who can locally execute code on a system to collect and analyze large amounts of protected data. Pro-face continues to assess the MDS vulnerability impact on our offers. In the meantime, we advise customers to refer immediately to Intel's security updates webpage for further information and guidance.

Description of the Issue

Desktop, laptop, and virtual computers could be affected by the MDS vulnerability.

Please refer to Intel's MDS table in the Deep Dive: CPUID Enumeration and Architectural MSRs (link is external) for a list of Intel processors that might be affected by MDS. Proof of concept exploit code has already been made public by the researchers who discovered this issue.

CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091 are the official vulnerability references for the MDS vulnerabilities.

Products Affected

Smart Portal

Product Name SP5000 Series
Product Module Open BOX Module (SP-5B40, SP-5B41)
 

Industrial Personal Computer (IPC)

Product Name PS5000 Series, PS4000 Series

Recommended Mitigations

Please note that as of the date of this publication, it is unclear whether the initial mitigations proposed by Intel will affect systems performance. Therefore, we recommend proceeding with caution if customers decide to apply patches to critical and/or performance-constrained systems. If customers elect to apply recommended patches and/or mitigations, we strongly recommend evaluating the impact of those measures in a Test and Development environment or on an offline infrastructure.

Pro-face continues to monitor and track vendor research into this vulnerability to determine appropriate actions to be taken. We advise customers to refer immediately to Intel’s Security Center webpage for further information and guidance:

More References:

Questions

If you have any questions, please contact Technical Support.