Products

    Pages

        Security Advisories

        Filter by Tags

        Vulnerability
        Updated Date
        Threat
        Identifier
        How is Crestron Affected
        Resources
        CVE­-2018-­5553: CRESTRON DGE-­100 CONSOLE COMMAND INJECTION
        06/04/18
        More information
        Threat:
        Crestron is aware of a vulnerability with the DGE-100, DM-DGE-200-C, and TS-1542-C devices which allows for console command injection. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-5553.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware version to address this vulnerability: 1.3384.00059.001

        Affected Devices:

        • DGE-100
        • TS-1542-C
        • DM-DGE-200-C
        Resources:
        DM-NVX PASSWORD VULNERABILITY
        04/23/18
        More information
        Threat:
        Crestron is aware of a DM-NVX password vulnerability, which affects custom passwords created with firmware version 1.3547.00018 or earlier. This issue has been resolved with firmware version 1.3626.00053. After upgrading, it is recommended to resubmit or change the password of the DM-NVX if using a password other than the default.
        Identifier:
        N/A
        How is Crestron Affected:

        Crestron's DM-NVX had a password vulnerability in firmware version 1.3547.00018 and earlier. Due to this vulnerability passwords were authenticated with only eight (8) characters. Therefore, characters after the first eight (8) were discarded and ignored. After upgrading it is recommended to resubmit or change the password for user accounts.

        If attempting to downgrade from 1.3626.00053 to an earlier version of firmware, the DM-NVX will be automatically restored due to this vulnerability.

        Resources:
        MELTDOWN
        01/08/18
        More information
        Threat:
        Crestron is aware of new CPU Vulnerability known as Meltdown (CVE-2017-5754) which affects Intel and ARM based processors. This vulnerability allows a hacker to read system memory that may not otherwise be accessible.
        Identifier:
        N/A
        How is Crestron Affected:
        1. Crestron's Cloud Services which include Fusion Cloud, the Crestron Cloud Provisioning Tool and MyCrestron have been patched by Microsoft as of 1/4/2018. For more details on the patch, see: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
        2. On Premise Servers running Crestron Fusion should be patched according to Microsoft recommendations. Crestron Fusion itself does not require an update.
        3. 3 Series Processors are not known to be affected by Meltdown.
        4. 2 Series processors are not affected by Meltdown as they do not use ARM, Intel or AMD based components.
        5. These devices (Mercury, DGE-100, DGE-200, TS-1542, DMPS-4K-250, DMPS-4K-350 and DM-TXRX-100-STR) have the potential to be affected by a variant of Meltdown. However, as stated by ARM, it is not believed that software mitigations for this issue are necessary. Please download the ARM’s Cache Speculation Side-channels whitepaper for more details.
        6. All TSW Series, TST Series, TSR Series, TPMC-4 Series and TPMC-9 Series are not affected by Meltdown.
        7. No DigitalMedia products are known to be affected by Meltdown.
        8. No Audio Products are known to be affected by Meltdown.
        9. AirMedia (AM-100/101) is not known to be vulnerable by Meltdown.
        10. All Lighting and Shade specific products are not affected by Meltdown.
        11. Affected Conferencing Products include CCS-UC-CODEC-100, CCS-UC-CODEC-200, Crestron SR, and Mercury. Because of additional security implementations on these devices we believe this to be a low risk issue. Crestron is working with Microsoft to provide patches on these devices.

        Products not listed here are pending additional review or discontinued. Crestron will be providing additional information and patches as they become available.

        SPECTRE
        01/08/18
        More information
        Threat:
        Crestron is aware of new CPU Vulnerabilities known as Spectre (CVE-2017-5753, CVE-2017-5715) which affect Intel, and ARM based processors. This vulnerability allows a hacker to read system memory that may not otherwise be accessible.
        Identifier:
        N/A
        How is Crestron Affected:
        1. Crestron's Cloud Services which include Fusion Cloud, the Crestron Cloud Provisioning Tool and MyCrestron are currently affected as no patches have been published by Microsoft to specifically mitigate the Spectre Vulnerability. For more details, see: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
        2. On Premise Servers running Crestron Fusion should be patched according to Microsoft recommendations. Crestron Fusion itself does not require an update.
        3. Affected Control Systems include the PRO3, AV3, CP3, CP3N, RMC3, FT-TSC600, PYNG-HUB, TSCW-730, ZUM-FLOOR-HUB DIN-AP3MEX and DIN-AP3. This vulnerability is considered low risk for processors as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure (OLH 5571). The MC3 and TPCS are not affected by Spectre.
        4. 2 Series processors are not known to be affected by Spectre as they do not use ARM, Intel or AMD based components.
        5. Affected Interfaces include the TSW-1060, TSW-760, TSW-560, TSW-1052, TSW-752, TSW-552, TSS-752, TSW-732, TSW-1050, TSW-750, TSW-730, TSW-550, TSR-302, TSR-310, TST-902, TST-602, DGE-100, DGE-200, TS-1542, and FT-TS600. This vulnerability is considered low risk for interfaces as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure. Additionally to minimize exposure, it would be recommended to avoid implementing the Chrome browser in touchpanel projects.

        6. TPMC-4 Series and TPMC-9 Series are not affected by Spectre.
        7. Affected DigitalMedia products include NVX, DMPS3 Series, DM-STR, DM-MD64x64, DM-MD128x128 and DM-TXRX-100-STR. This vulnerability is considered low risk for DigitalMedia as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure.

        8. Audio Products affected by Spectre include the DSP-1280, DSP-1281, DSP-1282, DSP-1283, DSP-860, AMP-8075 and AMP-8150. This vulnerability is considered low risk for Audio Products as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure.

        9. AirMedia (AM-100/101) is not known to be vulnerable by Spectre.

        10. All Lighting and Shade specific products are not affected by Spectre.

        11. Affected Conferencing Products include CCS-UC-CODEC-100, CCS-UC-CODEC-200, Crestron SR, and Mercury. Because of additional security implementations on these devices we believe this to be a low risk issue. Crestron is working with Microsoft to provide patches on these devices.

        Products not listed here are pending additional review or discontinued. Crestron will be providing additional information and patches as they become available.

        AUTHENTICATION FAILURE IN TSW‑x60
        11/14/17
        More information
        Threat:
        By definition, devices that do not have authentication enabled are not affected
        Identifier:
        N/A
        How is Crestron Affected:

        Crestron is aware of a flaw in the authentication model of the following products:

        TSW-560, TSW-560P, TSW-760, TSW-1060, TSW-560-NC, TSW-760-NC, TSW-1060-NC running the following versions 1.002.0016.001, 1.002.0028.001, 1.003.0052.001.

        A hacker can gain access to the device configuration pages using invalid credentials. It should be noted that the vulnerability only allows access to the configuration of the device and thus possibly render the device inoperable or inaccessible.

        Crestron has posted an updated version of the firmware to address this problem:

        • If you are running version 1.002.0016 or 1.002.0028, please update to version 1.002.0029.
        • If you are running version 1.003.0052, please update to version 1.003.0054.

        If you previously disabled the webserver to mitigate this issue you may re-enable it using the command WEBSERVER ON, followed by a REBOOT.

        Resources:
        BLUEBORNE
        10/26/17
        More information
        Threat:
        It has been reported that a new attack vector called BlueBorne can potentially affect all devices with Bluetooth capabilities running major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux. By spreading through the air, BlueBorne targets the weakest spot in the networks' defense – and the only one that no security measure protects.
        Identifier:
        N/A
        How is Crestron Affected:

        The only Crestron device that currently exposes a Bluetooth interface is the Crestron Mercury Tabletop Conference System.

        Mercury uses a BlueTooth module which incorporates a proprietary operating system (not Android, iOS, Windows or Linux) and therefore is not susceptible to the BlueBorne attack. Furthermore, all Bluetooth profiles are kept inactive during normal operation of the device, requiring explicit user intervention to enable paring and/or discovery to the device. As such, Mercury is not vulnerable to the BlueBorne attack vector.

        WANNACRY
        05/18/17
        More information
        Threat:

        There are several vulnerabilities in Microsoft's implementation of SMBv1 on Windows. Microsoft addressed these in Microsoft Security Bulletin MS17-010 in March 2017. This bulletin refers to the following CVE identifiers: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, and CVE-2017-0148

        The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. SMB is a protocol mainly used for providing shared access to files and devices between nodes on a network.

        Identifier:
        N/A
        How is Crestron Affected:

        Platforms not affected

        Products running Windows CE 6 and Windows Embedded Compact 7 are not affected by the WannaCry malware package.

        PRO3, CP3, CP3N, AV3, DMPS 3-Series (all models), DM-64X64, DM-128X128, RMC3, DIN-AP3, TSW-550, TSW-750, TSW-1050, TSM-730

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
        • The SMB file server is not enabled and so they are not vulnerable to the original ETERNALBLUE exploit.
        • NOTE: It is not clear that the vulnerability exists in the Embedded Compact SMB implementation in the first place but as noted it is disabled anyway.

        TPMC-4SM, TPMC-9, TST-600

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
        • The SMB ports are open but there is no notice of this implementation being vulnerable to the original ETERNALBLUE exploit.

        MC3, TPCS-4SM

        • Only code signed with Crestron certificates can execute on these devices.
        • These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.

        Platforms potentially affected

        Crestron also has devices using XP Embedded and Windows Embedded Standard 7.

        DGE-2, DGE-1, TPMC-V12, TPMC-V15

        • These products have the SMB ports closed by default and so are not vulnerable under normal installation.
        • In the event the device does become infected; a reboot will clean it up.
        • Please install the following update service pack which includes Microsoft KB4012598
          • DGE-1 Use dge-1-osp_1.1.10.zip or higher
          • DGE-2 Use dge-2_1.01.10.puf or higher
          • TPMC-V12/15 Use tpmc-v12_tpmc-v15_1.01.008.puf or higher

        TPMC-8X-GA

        TPMC-8X-GA Use tpmc-8x-ga-osp_1.1.10.zip or higher.

        • NOTE: This product has SMB ports open by default and should be considered at risk.
        • In the event the devices does become infected, a reboot will clean it up.
        • Please install the following updated service pack which includes Microsoft KB4012598.

        TPMC-8X, TPMC-8L

        • NOTE: This product has SMB ports open by default and should be considered at risk.
        • In the event the devices does become infected, a reboot will clean it up.
        • Please install the following updated service pack which forces the SMB ports closed regardless of any other settings.
          • Upgrade firmware to version 2.00.02.219 or above. 2.00.02.221 is the latest release at this writing.
          • Install new service pack tpmc-8x-tpmc-8l-firewall_1.0.0.zip.
          • Ensure firewall is enabled using the console command: FIREWALL

        ADMS, ADMS-BR, ADMS-G2

        These products have the SMB ports closed by default and so are not vulnerable under default installation. If file sharing options are enabled the device should be considered at risk.

        Crestron RL (Version 1 and 2)

        • Crestron RL products disallow arbitrary applications to be executed and so are not vulnerable.
        • These products have the SMB ports closed by default and so are not vulnerable under normal installation.
        • Notwithstanding these protections, Microsoft has provided a security update for Crestron RL products – https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Skype-for-Business-15-15-9-Security-Update-for-Crestron-RL/ba-p/70432
        • This has been posted in CCS-UC-200 ver. 15.15.09 and CCS-UC-100 ver. 15.15.09

        CEN-FUSION-SERVER-R330, CEN-FUSION-RVS-R310, CEN-FUSION-R320, CEN-RVS-R210, CEN-RVS-R320

        Please follow Microsoft guidance for Windows Server Products: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

        NOTE: No other current Crestron products have been found to be affected by the WannaCry malware.

        SSL 3.0 PROTOCOL VULNERABILITY
        06/30/16
        More information
        Threat:

        As per TA14-290A, all systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

        Later, this vulnerability was extended to certain TLS 1.0 and TLS 1.1 implementations.

        Identifier:
        N/A
        How is Crestron Affected:
        1. The most likely exploitation is via web browsers and servers, which is not a high use case on Crestron equipment. In addition, the exploitation is most commonly implemented as a Man-in-the-Middle attack which is also less likely given the way most Crestron systems are put together.
        2. Crestron has deprecated support for SSL 3.0 and relies only on TLS which does not have this vulnerability. The console command "SSL" supports the following options: TLSSSL, TLSONLY, TLS1.2ONLY.
        3. Crestron does implement the protocol extension, TLS_FALLBACK_SCSV, which prevents MITM attackers from being able to force a protocol downgrade.
        4. Crestron's implementation of TLS 1.0 and TLS 1.1 was proven not to expose this vulnerability using the Qualys SSL Labs SSL Server test.
        FLASH
        07/08/15
        More information
        Threat:
        As per CVE-2015-5119, there is a use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
        Identifier:
        N/A
        How is Crestron Affected:

        All shipping products were reviewed and the following notes are applicable:

        1. The Smart Graphics installation package contains an affected version of the Adobe Flash Player for Internet Explorer. This will be updated in the next release. In the meanwhile, users may update their own systems via the normal means. This only affects developer’s own systems and no Crestron products.
        2. The following products support an embedded browser control which supports Flash: DGE-1, DGE-2, TPMC-8X, TPMC-8X-GA, TPMC-V12, TPMC-V15. However, the version of Flash installed on these products is not a version affected. In addition, if the user project on the system does not support browsing to arbitrary sites, the systems are not affected. Note that this does not affect Smart Graphics projects.
        GNU GLIBC BUFFER OVERFLOW IN DNS RESOLVER
        03/05/15
        More information
        Threat:
        According to a Google security blog post, and documented in CVE-2015-7547, the glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. All versions from 2.9 (originally released November 2008) to 2.22 appear to be affected.
        Identifier:
        N/A
        How is Crestron Affected:
        All shipping products were reviewed and no shipping products are affected by this report.
        |<  <   1 2 3 4 5 6    >  >| Pages: 5 of 6

        Subscribe to get notifications on the latest security updates