Notified: January 18, 2013 Updated: June 26, 2013
Statement Date: June 18, 2013
Affected
Monroe Electronics released Version 2.0-2, which includes a cumulative security update that resolves potential vulnerabilities by removing of default SSH keys, providing a simplified user option to load new SSH keys, changing password handling, and other security enhancements. Version 2.0-2 was released on 24 April 2013, after soft launch in March 2013. Most device users have already obtained and installed this update. Users should always maintain secure network connections for their EAS/CAP systems, including firewalls and/or other basic network safeguards, as a standard and common sense best practice. Monroe Electronics has encouraged all users to adhere to FCC guidance and FEMA recommendations in this area. Users who had previously disabled or changed their SSH keys and default passwords are not impacted, but should apply the v2.0-2 update nonetheless. There have been no reports of any incidents relating to SSH keys, and the company issued this security update as a precautionary measure. No evidence of predictable session IDs was found after extensive examination of equipment, including fielded devices. The finding appears to be anomaly based on the particular test method used by the researcher, which did not involve the actual device. This issue does not appear in the actual device. DASDEC users can obtain the DASDEC v2.0-2 software update and release notes by contacting support@digitalalertsystems.com. One-Net users can obtain the R189 One-Net v2.0-2 software update and release notes by contacting customer service at eas@monroe-electronics.com.
Digital Alert Systems has released firmware version 2.0-2 for DASDEC-I and DASDEC-II devices.
Notified: January 18, 2013 Updated: June 24, 2013
Statement Date: June 18, 2013
Affected
Monroe Electronics released Version 2.0-2, which includes a cumulative security update that resolves potential vulnerabilities by removing of default SSH keys, providing a simplified user option to load new SSH keys, changing password handling, and other security enhancements. Version 2.0-2 was released on 24 April 2013, after soft launch in March 2013. Most device users have already obtained and installed this update. Users should always maintain secure network connections for their EAS/CAP systems, including firewalls and/or other basic network safeguards, as a standard and common sense best practice. Monroe Electronics has encouraged all users to adhere to FCC guidance and FEMA recommendations in this area. Users who had previously disabled or changed their SSH keys and default passwords are not impacted, but should apply the v2.0-2 update nonetheless. There have been no reports of any incidents relating to SSH keys, and the company issued this security update as a precautionary measure. No evidence of predictable session IDs was found after extensive examination of equipment, including fielded devices. The finding appears to be anomaly based on the particular test method used by the researcher, which did not involve the actual device. This issue does not appear in the actual device. DASDEC users can obtain the DASDEC v2.0-2 software update and release notes by contacting support@digitalalertsystems.com. One-Net users can obtain the R189 One-Net v2.0-2 software update and release notes by contacting customer service at eas@monroe-electronics.com.
Monroe Electronics has released firmware version 2.0-2 for R189 One-Net and R189SE One-NetSE devices.