
Security policy and Security Advisories

The security of our products is a high priority for us. However, as we all know, no matter how much effort is put into product security, no product can be 100% secure. Through our security advisories we want to provide customers with timely information and risk mitigation advice to minimize the risks associated with security threats. We recommend that customers use the latest available version of the software and firmware. Firmware and software updates should be downloaded only from reputable sources, such as the COMET webpages, or obtained directly from technical support. Any questions related to COMET products and security threats may be addressed to technical support.

 

How to report a potential security vulnerability

We want to learn about any potential security issues impacting our products so that we can take the necessary steps to promptly address them. To report a potential security vulnerability, please contact our security team via technical support. Your report should be in English. Because vulnerability information is extremely sensitive, do not send it directly via email. Please contact us, and we will provide you with a secure way to report it.

 

Report handling process

Once a report is submitted, it will be handled according to the following process:

  1. Reporting new vulnerability - contact technical support about the potential security vulnerability you have found. They will provide you with a way to send the details securely.
  2. Evaluating - once we have acknowledged receipt of the detailed information about the potential security vulnerability, we will analyse it to understand the impact on COMET products.
  3. Remediation - confirmed security issues will be mitigated by the appropriate actions.
  4. Disclosure - where appropriate, we will disclose information about the verified vulnerability in a security advisory or a bulletin.

 

Public security advisories

Below is a list of publicly provided security advisories. The list may contain commonly known CVEs which do not have an impact on COMET products.


DATE - DESCRIPTION - IMPACT TO COMET PRODUCTS

2022-02-16 - Ping Utility Vulnerability - WiFi sensors Wx7xx (firmware version 10.0.3.0 and lower)
  CVE-2021-21966
  A security vulnerability was found related to the SoC used in WiFi sensors. This vulnerability affects the Ping utility inside the HTTP server. We have confirmed that WiFi sensors with firmware version 10.0.3.0 and lower are affected by this vulnerability. For this reason we strongly recommend updating the firmware to 10.0.4.0 or higher. The latest firmware for WiFi sensors is available on the COMET webpages.

2022-02-07 - Samba vulnerability - No impact
  CVE-2021-44142
  COMET does not use Samba (an open-source implementation of the SMB protocol) in any end-user software or firmware. No additional measures in relation to COMET devices or software are required.

2021-12-13 - Apache Log4j 2.x vulnerabilities - No impact
  CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
  COMET does not use the Log4j library in any end-user software or firmware. No additional measures in relation to COMET devices or software are required.

2021-05-15 - WiFi FragAttacks vulnerabilities - WiFi sensors Wx7xx (firmware version 10.0.2.0 and lower)
  CVE-2020-24588, CVE-2020-26140, CVE-2020-26143
  FragAttacks is the name for vulnerabilities related to the WiFi standard and its implementation, disclosed by security researcher Mathy Vanhoef on May 11, 2021. WiFi sensors with firmware version 10.0.2.0 and lower may be affected by these vulnerabilities. We are not aware of any potential attack vector for WiFi sensors, but we strongly recommend updating the firmware to version 10.0.2.1 or higher. Firmware which solves these potential issues is available on the COMET webpages.

2021-04-29 - Potential memory allocation vulnerabilities - WiFi sensors Wx7xx (firmware version 10.0.1.1 and lower)
  CVE-2021-22636, CVE-2021-27429, CVE-2021-27502
  Memory allocation vulnerabilities were found in a 3rd party development environment used for the development of WiFi sensors. At present we are not aware of any way to exploit these potential vulnerabilities in WiFi sensors, but we strongly recommend updating the firmware to 10.0.2.0 or higher. The latest firmware for WiFi sensors is available on the COMET webpages.

2020-12-09 - Vulnerabilities at TCP/IP stack AMNESIA:33 - No impact
  CVE description
  COMET does not use the affected TCP/IP stacks (uIP, FNET, picoTCP, Nut/Net) inside any device. No additional measures in relation to COMET devices are required.