OMG DDS vulnerabilities

17 November 2021
General info
No Comments

Object Management Group (OMG) Data-Distribution Service (DDS) implementation issues exposing numerous vendor systems. Some patches are available. CISA recommends to

Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.

The following vendors are affected:

Eclipse CycloneDDS: All versions prior to 0.8.0
eProsima Fast DDS: All versions prior to 2.4.0 (#2269)
GurumNetworks GurumDDS: All versions
Object Computing, Inc. (OCI) OpenDDS: All versions prior to 3.18.1
Real-Time Innovations (RTI) Connext DDS Professional and Connext DDS Secure: Versions 4.2x to 6.1.0
RTI Connext DDS Micro: Versions 3.0.0 and later
TwinOaks Computing CoreDX DDS: All versions prior to 5.9.1

Post Tags :

System

Post Tags :

Siemens Nucleus Vulnerabilities

Mandatory Security Monitoring for Electric Grid

Information

Quick Links

Company

OMG DDS vulnerabilities

Post Tags :

Social Share :

Siemens Nucleus Vulnerabilities

Mandatory Security Monitoring for Electric Grid

Information

Quick Links

Company