Summary
Several CPUs manufactured by Intel, AMD or based on ARM technology may leak information due to their internal operation if attacked by specifically written software executed on the affected systems.
The information in this advisory is based on the statements of respective manufacturers.
Impact
Microprocessors from Intel and AMD using the x86 architecture and some microprocessors using the ARM, PowerPC, and MIPS architecture may be susceptible to a group of attacks named Meltdown and Spectre. These attacks may lead to a (complete) disclosure of information in the memory of systems. Integrity and availability are not affected, but information gained using these weaknesses may be used in further attacks.
Meltdown [CVE-2017-5754] allows reading the complete memory of the attacked system using a specifically crafted executable code.
Spectre [version 1: CVE-2017-5753, version 2: CVE-2017-5715] allows reading the memory of other processes using a specifically crafted executable code or dynamic code as used in web browsers.
Only those systems can be affected that allow the installation/execution of custom code or load dynamic contents from foreign/untrusted sources. If only the root/administrative user can install/execute custom code, no additional risk exists, as the root/administrative user can read the information without exploiting this vulnerability. If a web browser can be used to view foreign web pages, the Spectre attack must be considered.
Systems that do not allow installation/execution of custom code are not affected.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| AXC 3051 | Firmware <= current version | |
| 2404267 | AXC F 2152 | Firmware <= current version |
| BL BPC 2000 | Firmware <= current version | |
| BL BPC 2001 | Firmware <= current version | |
| BL BPC 3000 | Firmware <= current version | |
| BL BPC 3001 | Firmware <= current version | |
| BL BPC 7000 | Firmware <= current version | |
| BL BPC 7001 | Firmware <= current version | |
| BL PPC 1000 | Firmware <= current version | |
| BL PPC 7000 | Firmware <= current version | |
| BL PPC12 1000 | Firmware <= current version | |
| BL PPC15 1000 | Firmware <= current version | |
| BL PPC15 3000 | Firmware <= current version | |
| BL PPC15 7000 | Firmware <= current version | |
| BL PPC17 1000 | Firmware <= current version | |
| BL PPC17 3000 | Firmware <= current version | |
| BL PPC17 7000 | Firmware <= current version | |
| BL RACKMOUNT 2U | Firmware <= current version | |
| BL RACKMOUNT 4U | Firmware <= current version | |
| BL2 BPC 1000 | Firmware <= current version | |
| BL2 BPC 2000 | Firmware <= current version | |
| BL2 BPC 7000 | Firmware <= current version | |
| BL2 PPC 1000 | Firmware <= current version | |
| BL2 PPC 2000 | Firmware <= current version | |
| BL2 PPC 7000 | Firmware <= current version | |
| DL PPC15 1000 | Firmware <= current version | |
| DL PPC15M 7000 | Firmware <= current version | |
| DL PPC18.5M 7000 | Firmware <= current version | |
| DL PPC21.5M 7000 | Firmware <= current version | |
| EL PPC 1000 | Firmware <= current version | |
| EL PPC 1000/M | Firmware <= current version | |
| EL PPC 1000/WT | Firmware <= current version | |
| TP 3000 | Firmware <= current version | |
| TP 3000/P | Firmware <= current version | |
| TP 3000/WT | Firmware <= current version | |
| TPM 3000 | Firmware <= current version | |
| VALUELINE IPC | Firmware <= current version | |
| VL BPC 1000 | Firmware <= current version | |
| VL BPC 2000 | Firmware <= current version | |
| VL BPC 3000 | Firmware <= current version | |
| VL IPC P7000 | Firmware <= current version | |
| VL PPC 2000 | Firmware <= current version | |
| VL PPC 3000 | Firmware <= current version | |
| VL2 BPC 1000 | Firmware <= current version | |
| VL2 BPC 2000 | Firmware <= current version | |
| VL2 BPC 3000 | Firmware <= current version | |
| VL2 BPC 7000 | Firmware <= current version | |
| VL2 BPC 9000 | Firmware <= current version | |
| VL2 PPC 1000 | Firmware <= current version | |
| VL2 PPC 2000 | Firmware <= current version | |
| VL2 PPC 3000 | Firmware <= current version | |
| VL2 PPC 7000 | Firmware <= current version | |
| VL2 PPC 9000 | Firmware <= current version | |
| VL2 PPC12 1000 | Firmware <= current version | |
| VL2 PPC7 1000 | Firmware <= current version | |
| VL2 PPC9 1000 | Firmware <= current version | |
| WP 3000 | Firmware <= current version |
Vulnerabilities
Expand / Collapse allSystems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Remediation
On Industrial PCs and HMIs that operate with user installable or upgradable operating systems (mainly Windows) the latest version or update may be installed if required in the use case. As the update may have a performance impact, the application should be tested accordingly.
Acknowledgments
Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- Jann Horn from Google Project Zero for publishing the Meltdown attack & Spectre attack on https://meltdownattack.com/
- Werner Haas, Thomas Prescher from Cyberus Technology for publishing the Meltdown attack on https://meltdownattack.com/
- Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz from Graz University of Technology for publishing the Meltdown attack on https://meltdownattack.com/
- Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland for publishing the Spectre attack on https://meltdownattack.com/
- Mike Hamburg from Rambus for publishing the Spectre attack on https://meltdownattack.com/
- Moritz Lipp from Graz University of Technology for publishing the Spectre attack on https://meltdownattack.com/
- Yuval Yarom from University of Adelaide and Data61 for publishing the Spectre attack on https://meltdownattack.com/
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 23.03.2018 10:43 | Initial revision. |
| 2.0.0 | 14.05.2025 15:00 | Fix: added distribution |
| 2.0.1 | 01.10.2025 10:00 | Expressions errors were corrected in the acknowledgements. |