        Security Advisories

        CVE-2018-11229: OS COMMAND INJECTION
        08/09/18
        Threat:
        Crestron is aware of a vulnerability which allows for unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11229.
        How is Crestron Affected:

        Minimum firmware version to address this vulnerability: v2.001.0037.001.

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        CVE-2018-11229: UNAUTHENTICATED REMOTE CODE EXECUTION VIA COMMAND INJECTION IN CTP
        08/09/18
        Threat:
        Crestron is aware of a vulnerability with specific touch panels which allows for unauthenticated remote code execution via command injection. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11229.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware versions to address this vulnerability:

        • TSW-X60 Series use FW 2.0001.0037.001 or later
        • TSW-X52 Series use FW 1.004.0007 or later

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        • TSW-552
        • TSW-752
        • TSW-1052
        • TSR-302
        • TST-602
        • TST-902
        • TSW-732
        • TSS-752
        • DMC-STR

        Additional products are being tested.

        CVE-2018-13341: ELEVATION OF PRIVILEGE IN CRESTRON TERMINAL PROTOCOL
        08/09/18
        Threat:
        Crestron TSW-XX60 touch panel devices were affected by a privilege-escalation vulnerability that could be exploited through access to administrative credentials in the device firmware. SUDO is a debug-specific command that can only be issued by an authenticated ADMIN user/account. However, to eliminate any possible confusion, the supwdgenerator executable has been completely removed from the device and the original generation algorithm has been modified.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-13341.
        How is Crestron Affected:

        Minimum firmware version to address this vulnerability: v2.001.0037.001.

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        KRACK
        08/09/18
        Threat:

        It has been reported that there are several vulnerabilities in the WiFi Protected Access II protocol (WPA2).

        The vulnerabilities make it possible for attackers to eavesdrop on WiFi traffic.

        Please see the following CVE reports for additional information: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, and CVE-2017-13088.

        Identifier:
        N/A
        How is Crestron Affected:

        This vulnerability is a protocol level vulnerability and as such affects nearly all correct implementations of the firmware.

        The following devices are affected:

        • CEN-WAP-1500
        • CEN-WAP-ABG-1G
        • CEN-WAP-ABG-CM
        • TSR-302 - Resolved in Version 1.004.0007
        • TST-602 - Resolved in Version 1.004.0007
        • TST-902 - Resolved in Version 1.004.0007

        Other Crestron WiFi products do not support WPA2 and as such are not affected.

        If any of the CEN-WAP products are used with non-Crestron products, all unencrypted information should be considered at risk. Use HTTPS and other secure protocols until a fix is available.

        Most traffic between the TSR-302, TST-602, TST-902 and the control system is over Crestron Extended Range 2.4 GHz RF (ER) and is thus unaffected. However, WiFi communications are used for some additional functions (such as video playback, intercom, etc.) and could be vulnerable. Crestron is actively working towards a fix.

        If you are using a non-Crestron WAP you should also check with the vendor for updates.

        A notable risk is that the following UI Applications use direct connections and could be intercepted and potentially spoofed:

        • Media Player Object
        • All Pyng Objects
        • TV Presets Object

        Two possible mitigations exist:

        1. Remove the UI Applications from devices.
        2. Disable WiFi on the Remotes. This will allow the UI Applications to still run but will disable other features (such as streaming video, intercom, graphics). Note that performance of the applications will also be affected.

        It is recommended that all installations follow the Secure Deployment Guide found in Online Help ID 5571. This will enable additional encryption on the device. This will not remove the risk noted regarding the UI Applications by itself.

        CVE-2017-16709: REMOTE CODE EXECUTION VULNERABILITY
        06/19/18
        Threat:
        Crestron is aware of a vulnerability in the AM-100 and AM-101 units that allows for remote code execution. Authentication as an administrator is required for an attacker to use this exploit.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2017-16709.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware version to address this vulnerability: 2.7.0 (AM-101) and 1.6.0 (AM-100).

        Affected Devices:

        • AM-101
        • AM-100
        CVE-2017-16710: CROSS-SITE SCRIPTING VULNERABILITY
        06/19/18
        Threat:
        Crestron is aware of a vulnerability in the AM-100 and AM-101 units that allows for cross-site scripting. Authentication as an administrator is required for an attacker to use this exploit.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2017-16710.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware version to address this vulnerability: 2.7.0 (AM-101) and 1.6.0 (AM-100).

        Affected Devices:

        • AM-101
        • AM-100
        CVE-2018-5553: CRESTRON DGE-100 CONSOLE COMMAND INJECTION
        06/04/18
        Threat:
        Crestron is aware of a vulnerability with the DGE-100, DM-DGE-200-C, and TS-1542-C devices which allows for console command injection. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-5553.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware version to address this vulnerability: 1.3384.00059.001

        Affected Devices:

        • DGE-100
        • TS-1542-C
        • DM-DGE-200-C
        DM-NVX PASSWORD VULNERABILITY
        04/23/18
        Threat:
        Crestron is aware of a DM-NVX password vulnerability, which affects custom passwords created with firmware version 1.3547.00018 or earlier. This issue has been resolved with firmware version 1.3626.00053. After upgrading, it is recommended to resubmit or change the password of the DM-NVX if using a password other than the default.
        Identifier:
        N/A
        How is Crestron Affected:

        Crestron's DM-NVX had a password vulnerability in firmware version 1.3547.00018 and earlier. Due to this vulnerability passwords were authenticated with only eight (8) characters. Therefore, characters after the first eight (8) were discarded and ignored. After upgrading it is recommended to resubmit or change the password for user accounts.

        If attempting to downgrade from 1.3626.00053 to an earlier version of firmware, the DM-NVX will be automatically restored due to this vulnerability.

        MELTDOWN
        01/08/18
        Threat:
        Crestron is aware of a new CPU vulnerability known as Meltdown (CVE-2017-5754) which affects Intel and ARM based processors. This vulnerability allows a hacker to read system memory that may not otherwise be accessible.
        Identifier:
        N/A
        How is Crestron Affected:
        1. Crestron's Cloud Services which include Fusion Cloud, the Crestron Cloud Provisioning Tool and MyCrestron have been patched by Microsoft as of 1/4/2018. For more details on the patch, see: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
        2. On Premise Servers running Crestron Fusion should be patched according to Microsoft recommendations. Crestron Fusion itself does not require an update.
        3. 3 Series Processors are not known to be affected by Meltdown.
        4. 2 Series processors are not affected by Meltdown as they do not use ARM, Intel or AMD based components.
        5. These devices (Mercury, DGE-100, DGE-200, TS-1542, DMPS-4K-250, DMPS-4K-350 and DM-TXRX-100-STR) have the potential to be affected by a variant of Meltdown. However, as stated by ARM, it is not believed that software mitigations for this issue are necessary. Please download ARM's Cache Speculation Side-channels whitepaper for more details.
        6. All TSW Series, TST Series, TSR Series, TPMC-4 Series and TPMC-9 Series are not affected by Meltdown.
        7. No DigitalMedia products are known to be affected by Meltdown.
        8. No Audio Products are known to be affected by Meltdown.
        9. AirMedia (AM-100/101) is not known to be vulnerable to Meltdown.
        10. All Lighting and Shade specific products are not affected by Meltdown.
        11. Affected Conferencing Products include CCS-UC-CODEC-100, CCS-UC-CODEC-200, Crestron SR, and Mercury. Because of additional security implementations on these devices we believe this to be a low risk issue. Crestron is working with Microsoft to provide patches on these devices.

        Products not listed here are pending additional review or discontinued. Crestron will be providing additional information and patches as they become available.

        SPECTRE
        01/08/18
        Threat:
        Crestron is aware of new CPU vulnerabilities known as Spectre (CVE-2017-5753, CVE-2017-5715) which affect Intel and ARM based processors. This vulnerability allows a hacker to read system memory that may not otherwise be accessible.
        Identifier:
        N/A
        How is Crestron Affected:
        1. Crestron's Cloud Services which include Fusion Cloud, the Crestron Cloud Provisioning Tool and MyCrestron are currently affected as no patches have been published by Microsoft to specifically mitigate the Spectre Vulnerability. For more details, see: https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
        2. On Premise Servers running Crestron Fusion should be patched according to Microsoft recommendations. Crestron Fusion itself does not require an update.
        3. Affected Control Systems include the PRO3, AV3, CP3, CP3N, RMC3, FT-TSC600, PYNG-HUB, TSCW-730, ZUM-FLOOR-HUB, DIN-AP3MEX and DIN-AP3. This vulnerability is considered low risk for processors as it's a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron's Secure Deployment Guidelines to reduce exposure (OLH 5571). The MC3 and TPCS are not affected by Spectre.
        4. 2 Series processors are not known to be affected by Spectre as they do not use ARM, Intel or AMD based components.
        5. Affected Interfaces include the TSW-1060, TSW-760, TSW-560, TSW-1052, TSW-752, TSW-552, TSS-752, TSW-732, TSW-1050, TSW-750, TSW-730, TSW-550, TSR-302, TSR-310, TST-902, TST-602, DGE-100, DGE-200, TS-1542, and FT-TS600. This vulnerability is considered low risk for interfaces as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure. Additionally to minimize exposure, it would be recommended to avoid implementing the Chrome browser in touchpanel projects.

        6. TPMC-4 Series and TPMC-9 Series are not affected by Spectre.
        7. Affected DigitalMedia products include NVX, DMPS3 Series, DM-STR, DM-MD64x64, DM-MD128x128 and DM-TXRX-100-STR. This vulnerability is considered low risk for DigitalMedia as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure.

        8. Audio Products affected by Spectre include the DSP-1280, DSP-1281, DSP-1282, DSP-1283, DSP-860, AMP-8075 and AMP-8150. This vulnerability is considered low risk for Audio Products as it’s a second level vulnerability (requires system access which is traditionally not available). It is recommended that you follow Crestron’s Secure Deployment Guidelines to reduce exposure.

        9. AirMedia (AM-100/101) is not known to be vulnerable to Spectre.

        10. All Lighting and Shade specific products are not affected by Spectre.

        11. Affected Conferencing Products include CCS-UC-CODEC-100, CCS-UC-CODEC-200, Crestron SR, and Mercury. Because of additional security implementations on these devices we believe this to be a low risk issue. Crestron is working with Microsoft to provide patches on these devices.

        Products not listed here are pending additional review or discontinued. Crestron will be providing additional information and patches as they become available.
