COMET SYSTEM, s.r.o. want to provide customers with timely information and risk mitigation advices to minimize the risks associated with security threats. We recommend that customers use the latest available version of the software and firmware. Firmware and software updates should be downloaded from reputable sources only like a COMET webpages of directly obtained from technical support. Any questions related to COMET products and security threats may to be addressed to technical support.
|DATE||DESCRIPTION||IMPACT TO COMET PRODUCTS
|2021-12-13||Apache Log4j 2.x vulnerabilities||No impact|
|CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
||COMET does not use Log4j library at any end-users software or firmware. No additional measures in relation to COMET devices or software are required.|
|2021-05-15||WiFi FragAttacks vulnerabilities||WiFi sensors Wx7xx (firmware version 10.0.2.0 and lower)|
|CVE-2020-24588, CVE-2020-26140, CVE-2020-26143||FragAttacks is name for vulnerabilities related to WiFi standard and its implementation disclosed by security researcher Mathy Vanhoef at May 11, 2021. WiFi sensors with firmware version 10.0.2.0 and lower may to be affected by this vulnerabilities. We are not aware about any potential attack vector for WiFi sensors, but we strongly recommend update firmware version to 10.0.2.1 or higher. Firmware which solve these potential issues is available at COMET webpages.
|2021-04-29||Potential memory allocation vulnerabilities||WiFi sensors Wx7xx (firmware version 10.0.1.1 and lower)|
|CVE-2021-22636, CVE-2021-27429, CVE-2021-27502||Memory allocation vulnerabilities were found at 3rd party development environment used for development of WiFi sensors. At present time we are not aware any way how to exploit this potential vulnerabilities at WiFi sensors. But we strongly recommand to update firmware to 10.0.2.0 or higher. Latest firmware for WiFi sensors is available at COMET webpages.|
|2020-12-09||Vulnerabilities at TCP/IP stack AMNESIA:33||No impact|
|CVE description||COMET does not use TCP/IP stacks (uIP, FNET, picoTCP, Nut/Net) inside any device. No additional measures in relation to COMET devices are required.|