Article No. | Product Name | Affected Version(s) |
---|---|---|
WEG500100170 | EG500Mk2-A11001-000101 | <= v1.5.3 |
WEG500100290 | EG500Mk2-A11001-000201 | <= v1.5.3 |
WEG500100160 | EG500Mk2-A11101-000101 | <= v1.5.3 |
WEG500100280 | EG500Mk2-A12011-000101 | <= v1.5.3 |
WEG500100190 | EG500Mk2-B11001-000101 | <= v1.5.3 |
WEG500100180 | EG500Mk2-B11101-000101 | <= v1.5.3 |
WEG500100270 | EG500Mk2-C11001-000101 | <= v1.5.3 |
WEG500100260 | EG500Mk2-C11101-000101 | <= v1.5.3 |
WEG500100020 | EG503L | <= v1.5.3 |
WEG500100040 | EG503L_4GB | <= v1.5.3 |
WEG500100130 | EG503L-G | <= v1.5.3 |
WEG500100010 | EG503W | <= v1.5.3 |
WEG500100030 | EG503W_4GB | <= v1.5.3 |
WEG600100020 | EG602L | <= v1.5.3 |
WEG600100010 | EG602W | <= v1.5.3 |
WEG600100050 | EG603L Mk2 | <= v1.5.3 |
WEG600100040 | EG603W Mk2 | <= v1.5.3 |
WEG800100010 | EG802W | <= v1.5.3 |
WEG800100040 | EG802W_i7_512GB_DinRail | <= v1.5.3 |
WEG800100050 | EG802W_i7_512GB_w/o DinRail | <= v1.5.3 |
WEG800100020 | EG804W | <= v1.5.3 |

Products from the Edge Gateway family are affected by the recently published so-called RegreSSHion vulnerability.
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition that can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
The vulnerability can lead to unauthenticated remote code execution.
Mitigation
Disable SSH access, either locally via CLI command or config import or, for a centrally managed device, by changing the configuration in SMART EMS.
Refer to eG OS manual chapter 4.26 for further information.
Remediation
Update egOS on affected products to version v1.5.4 or later.
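
To apply the mitigation and remediation above across a fleet, the following added example (not part of the advisory and not Welotec code) triages a device inventory against the affected-products table. The CSV column names, hostnames and status labels are assumptions; adapt them to whatever export your asset inventory produces.

```python
import csv, io

# Article numbers listed as affected in the advisory table above.
AFFECTED_ARTICLES = {
    "WEG500100170", "WEG500100290", "WEG500100160", "WEG500100280",
    "WEG500100190", "WEG500100180", "WEG500100270", "WEG500100260",
    "WEG500100020", "WEG500100040", "WEG500100130", "WEG500100010",
    "WEG500100030", "WEG600100020", "WEG600100010", "WEG600100050",
    "WEG600100040", "WEG800100010", "WEG800100040", "WEG800100050",
    "WEG800100020",
}
LAST_AFFECTED = (1, 5, 3)  # advisory: versions <= v1.5.3 are affected

def parse_version(text):
    """'v1.5.10' -> (1, 5, 10); numeric compare, so 1.5.10 > 1.5.3."""
    parts = text.strip().lstrip("vV").split(".")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '1.5' to (1, 5, 0)

def triage(row):
    """Classify one inventory row against the advisory."""
    if row["article_no"].strip() not in AFFECTED_ARTICLES:
        return "not-listed"
    try:
        version = parse_version(row["egos_version"])
    except ValueError:
        return "check-manually"  # unparseable version: never assume safe
    if version > LAST_AFFECTED:
        return "fixed"
    ssh_on = row["ssh_enabled"].strip().lower() in ("yes", "true", "1")
    return "exposed" if ssh_on else "mitigated-update-pending"

def triage_inventory(csv_text):
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: triage(row) for row in reader}

# Constructed sample inventory (hostnames and column names are hypothetical).
SAMPLE = """hostname,article_no,egos_version,ssh_enabled
gw-plant-01,WEG500100020,v1.5.3,yes
gw-plant-02,WEG600100010,1.5.2,no
gw-plant-03,WEG800100020,v1.5.4,yes
gw-plant-04,WEG500100010,v1.5.10,yes
gw-plant-05,WEG500100030,unknown,no
gw-lab-01,XYZ000000000,v1.0.0,yes
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status}")
```

Devices reported as `exposed` need SSH disabled immediately; `mitigated-update-pending` devices still require the update to v1.5.4 or later.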
Reported by Qualys Threat Research Unit (TRU)
CERT@VDE coordinated with Welotec GmbH