EcoStruxure IT forum
A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.
Posted: 2020-09-02 12:55 AM
Hi Team,
I hope you are all keeping safe 🙂
We have a customer for whom we deployed DCE and DCO; they have a number of devices being monitored, including UPS, PDU and NetBotz.
They sent us multiple Treck TCP/IP stack vulnerabilities to address on the mentioned devices being monitored. Their solution to these issues is 'Confirm if you have applied the patches from the vendor for the Ripple20 vulnerabilities, Apply the relevant patches as they become available'.
Kindly anyone who has had to address this, please assist.
Thank you
Regards
Felix
Posted: 2020-09-02 07:18 AM . Last Modified: 2020-09-02 07:20 AM
Hi Felix,
A new version of firmware for impacted devices will be released shortly; this will address the Ripple20 issues. The first devices to get the update will be those with the NMC2 for Smart-UPS, followed by the rPDUg2 range.
In terms of mitigation, the advice is, as always, to follow best practice when securing your critical power infrastructure. We recommend separation of infrastructure assets from the main IT networks through the use of separate switches, VLANs or using the private network on the DCE server. Customers should be using up-to-date firewalls with intrusion prevention scanning all traffic between the IT and infrastructure networks where NMCs are located. Access to these networks should only be provided to trusted personnel.
It might be a good idea to keep an eye on the following link for updates:
https://www.apc.com/ie/en/faqs/FA410359/
Also note that DCE, DCO and most Botz are not impacted, with the 250 being the main exception.
-Gavan