Are the Common Product Platforms (CPP) vulnerable to Meltdown or Spectre exploitations?
In December 2017 information about two vulnerabilities in modern processors were published. These exploits are often referred to as Meltdown and Spectre. Due to the nature of the flaw, many processors (AMD, ARM, Intel, etc.) are considered vulnerable.
In order to use the exploit, an attacker needs to execute malicious code on the target system. It is thus generally advised to protect systems from unauthorized access (e.g. by using a strong password policy).
BOSCH IP Cameras and BOSCH Encoders are based on Common Product Platform (CPP) designs. Each CPP uses a specific System-on-Chip (SOC), or a family of SoC’s, which inherit various CPU cores. Some of them include ARM cores, which are considered vulnerable.
We therefore have analyzed our Common Product Platforms if they are affected, with the result:
In short, our IP cameras and encoders are not vulnerable to Meltdown or Spectre exploitations.
Notes
To endure insusceptibility it must be ensured to have recent firmware installed on the devices and access protection kept on a reasonable level.