The security researchers of the US company Forescout Research Labs yesterday announced the results of their investigations into 33 new security vulnerabilities in four open source TCP/IP stacks, named AMNESIA:33 . Some of these vulnerabilities threaten the security of a large number of devices ranging from IoT systems (particularly affected), network devices such as switches and routers, to operating systems for embedded devices and building automation systems such as access controls. More than 150 manufacturers are affected by this security gap, which can be misused as a gateway into complete networks.
The affected (operating) systems that use the vulnerable stacks are listed in the report www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/ on page 8.
Since the symmedia Plug&Work Industrial Boxes run on the Linux operating system, they are not affected by AMNESIA:33. Also the WLAN connection cannot be used as access for Amnesia:33, because only WLAN SoCs (Silicon-on-Chip - All-In-One with CPU, RAM, Storage) with integrated TCP/IP stack are affected. symmedia uses a WLAN chip without its own TCP/IP stack and controls it via the TCP/IP stack of CentOS.
Further information can be found at www.bsi.bund.de/DE/Presse/Kurzmeldungen/Meldungen/Amnesia_201208.html