PCD firmware 1.28.16 or 1.24.69 fixes the Ethernet frame padding information leakage

FAQ #102011

This firmware fixes CVE-2017-9628, an issue related to Ethernet frame padding information leakage.
To avoid any problems related to this leakage, we strongly recommend updating to the latest firmware,
1.28.16 / 1.24.69 or newer, as mentioned in the security upgrade section of this web page.

Impact of the CVE-2017-9628
IEEE 802 specifies that packets have a minimum size of 56 bytes.
The Ethernet driver is expected to fill the data field with octets of zero for padding when packets are less than 56 bytes.
Some implementations use resident memory and other data for padding instead, which can cause information leakage.
This attack is passive; the attacker can only see data that the affected devices send out as part of a packet.

Vulnerability overview of the CVE-2017-9628
The previous firmware implementation allowed other data from a known area of memory to be used in this padding field, which could exfiltrate or leak data.
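
To confirm that a device sends zero-filled padding after the update, captured frames can be checked as in the following added example (not code from Saia-Burgess Controls). It assumes untagged Ethernet II frames captured without the trailing FCS; the function names and the sample frames are constructed for illustration.

```python
import struct

ETH_HLEN = 14                      # dst MAC + src MAC + EtherType
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806

def padding_of(frame: bytes):
    """Return the pad bytes that follow the protocol data, or None if unknown.

    Assumes an untagged Ethernet II frame captured without the trailing FCS.
    """
    if len(frame) < ETH_HLEN:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    payload = frame[ETH_HLEN:]
    if ethertype == ETHERTYPE_IPV4 and len(payload) >= 20:
        (used,) = struct.unpack_from("!H", payload, 2)   # IPv4 total length
        if used < 20:
            return None                                  # malformed header
    elif ethertype == ETHERTYPE_ARP and len(payload) >= 8:
        used = 8 + 2 * (payload[4] + payload[5])         # header + 2 x (hw + proto addr)
    else:
        return None                                      # protocol not handled here
    if used > len(payload):
        return None                                      # truncated capture
    return payload[used:]

def leaks_data(frame: bytes) -> bool:
    """True when a frame carries padding that is not all zero octets."""
    pad = padding_of(frame)
    return bool(pad) and any(pad)

def audit(frames):
    """Return the indexes of frames whose padding contains non-zero octets."""
    return [i for i, f in enumerate(frames) if leaks_data(f)]

# Constructed sample input (not captured from a real device): one ARP request,
# once with zero padding and once with stale buffer content used as padding.
ETH_HDR = bytes.fromhex("ffffffffffff" "020000000001" "0806")
ARP_BODY = bytes.fromhex("0001" "0800" "06" "04" "0001"
                         "020000000001" "c0a80001" "000000000000" "c0a80002")
ZERO_PADDED = ETH_HDR + ARP_BODY + bytes(18)
STALE_PADDED = ETH_HDR + ARP_BODY + b"GET /index.html HT"

if __name__ == "__main__":
    print(audit([ZERO_PADDED, STALE_PADDED]))
```

Frames reported by audit() come from a sender that still fills padding from memory; a capture that includes the FCS would need its last four bytes stripped first.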

 

Categories

PCD1 / _Firmware Classic

PCD2 / _Firmware Classic

PCD3 / _Firmware Classic

Last update: 09.08.2017 16:02

First release: 09.08.2017 16:02
