Multiple 3rd Party Denial-of-Service Vulnerabilities in StationGuard and StationScout < 2.0
-------------------------------------------------------------------------------------------

Security Advisory ID: OSA-2
Release Date: 2021-12-15
Revision: 1.0
OMICRON Product Security Team | security@omicronenergy.com

Summary
-----------------------------------------------------------------
StationGuard and StationScout < 2.0 are affected by vulnerabilities in 3rd party
components that may allow a remote attacker to cause a denial-of-service of the
device. Specially crafted input (e.g., files, network packets, ...) could crash a
process, which is then restarted automatically. This can affect the reliable
operation of the device while the attack persists. For example, the affected
services could prevent communication to and from StationGuard and StationScout,
and StationGuard could miss alerts during that time.

OMICRON has released a new software version of StationGuard and StationScout
(version 2.0), which corrects these vulnerabilities.

Affected OMICRON Products
-----------------------------------------------------------------
> StationGuard <2.0 on all platforms
> StationScout <2.0 on all platforms

Vulnerability Classification
-----------------------------------------------------------------
> Base Score: 7.5
> Risk Class: High
> Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security Advisory
-----------------------------------------------------------------
Mitigation:
OMICRON has released a new software version of StationGuard and StationScout
(version 2.0), which corrects these vulnerabilities. Customers using the affected
versions are advised to install the latest update, which is available in the
customer portal (registration required).
More information about StationGuard and StationScout, including the link to
download them, can be found on
https://www.omicronenergy.com/en/products/stationguard/ and
https://www.omicronenergy.com/en/products/stationscout/

Workaround:
Always use the latest version of StationGuard and StationScout. Furthermore, it is
recommended to protect TCP port 20499 against unauthorized access via firewall
rules and/or VPN solutions. Only import files from trusted sources into
StationScout and StationGuard.

Acknowledgments
-----------------------------------------------------------------
None.
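
The version and port checks from the Affected Products and Workaround sections, as an added example that is not part of OMICRON's advisory: it flags inventory entries below 2.0 and records whether TCP port 20499 accepts connections from the host running the check. The inventory rows, device names and addresses are constructed, and the function names are hypothetical.

```python
import socket

FIXED = (2, 0)          # first fixed release per the advisory
MGMT_PORT = 20499       # TCP port the advisory says to restrict
PRODUCTS = {"StationGuard", "StationScout"}

def parse_version(text):
    """Turn '1.10.3' into (1, 10, 3); pad '2' to (2, 0) so it compares as 2.0."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (2 - len(parts))

def is_affected(product, version):
    """True for StationGuard/StationScout releases below 2.0."""
    return product in PRODUCTS and parse_version(version) < FIXED

def port_reachable(host, port=MGMT_PORT, timeout=1.0):
    """True if a TCP connection from this vantage point is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, probe=port_reachable):
    """Return one finding per device: (name, affected, exposed, action)."""
    findings = []
    for name, host, product, version in inventory:
        affected = is_affected(product, version)
        exposed = probe(host)
        if affected:
            action = "update to 2.0" + (" and restrict port" if exposed else "")
        elif exposed:
            action = "restrict port"
        else:
            action = "none"
        findings.append((name, affected, exposed, action))
    return findings

# Constructed inventory: names, documentation-range addresses and versions are made up.
SAMPLE = [
    ("sub-a-guard", "192.0.2.10", "StationGuard", "1.10"),
    ("sub-b-scout", "192.0.2.11", "StationScout", "2.0"),
    ("eng-laptop-scout", "192.0.2.12", "StationScout", "1.9.2"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Run it from a network segment that should not have access to the devices; a True in the third column there means the firewall or VPN restriction is not in effect for that path.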