Ripple20 vulnerabilities in the Treck TCP/IP stack

A number of vulnerabilities, collectively known as Ripple20, exist in Treck Inc.'s embedded TCP/IP stack and are used in Schneider Electric devices.

How is EcoStruxure IT Gateway software affected by Ripple20?

None of the Ripple20 vulnerabilities exist in the EcoStruxure IT Gateway software.

How is the EcoStruxure IT Gateway Appliance affected?

There are two Gateway Appliances, each on a different platform: the NUC and the Dell PowerEdge, Schneider Electric SKUs INNUC0119 and DLPE301118, respectively. 

Dell states that their servers are not affected.

SimplyNUC, the NUC's hardware vendor, confirms that the NUC is not affected.  

Mitigation

No specific mitigation for Ripple20 is necessary for the EcoStruxure IT Gateway software or the Gateway Appliances.

Do not disable DNS on the Gateway Appliance or the computer the Gateway is running on. 

DNS is required for communication with the cloud-based services.

Mitigation for the known affected devices is documented in these Schneider Electric notifications:

Security Notification - APC by Schneider Electric Network Management Cards

Treck TCP/IP Vulnerabilities (Ripple20)

Security Notification – Treck TCP/IP Vulnerabilities

How can EcoStruxure IT Expert help mitigate Ripple20?

• Connect vulnerable devices to a private network and monitor using EcoStruxure IT Gateway. See EcoStruxure IT Gateway in a Secure Network Architecture

• Use the Device Configuration feature in IT Expert to set DNS servers to 0.0.0.0 on all impacted NMCs and use static IP addresses for all servers the NMC will connect to.

• Once new firmware is available for the affected NMCs, use the Firmware Update feature in IT Expert to easily push out the new firmware to affected devices.

See also

https://www.apc.com/secure-nmc

APC FAQ FA410359