A number of vulnerabilities, collectively known as Ripple20, exist in Treck Inc.'s embedded TCP/IP stack, which is used in Schneider Electric devices.
How is EcoStruxure IT Gateway software affected by Ripple20?
None of the Ripple20 vulnerabilities exist in the EcoStruxure IT Gateway software.
How is the EcoStruxure IT Gateway Appliance affected?
There are two Gateway Appliances, each on a different platform: the NUC and the Dell PowerEdge, Schneider Electric SKUs INNUC0119 and DLPE301118, respectively.
SimplyNUC, the NUC's hardware vendor, confirms that the NUC is not affected.
No specific mitigation for Ripple20 is necessary for the EcoStruxure IT Gateway software or the Gateway Appliances.
Do not disable DNS on the Gateway Appliance or the computer the Gateway is running on.
DNS is required for communication with the cloud-based services.
Mitigation for the known affected devices is documented in these Schneider Electric notifications:
How can EcoStruxure IT Expert help mitigate Ripple20?
Connect vulnerable devices to a private network and monitor them using EcoStruxure IT Gateway. See "EcoStruxure IT Gateway in a Secure Network Architecture".
Disable DNS using the Device Configuration feature in IT Expert. Configure an invalid DNS address to disable DNS, such as 0.0.0.0. With this configuration, IP addresses must be used instead of hostnames.
If hostnames are configured on the Network Management Card (NMC), use the Device Configuration feature in IT Expert to replace them with IP addresses.
Once new firmware is available for the affected NMCs, use the Firmware Update feature in IT Expert to easily push out the new firmware to affected devices.
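Before DNS is disabled with an address such as 0.0.0.0, every setting that still holds a hostname has to be found and replaced with an IP address. The Python sketch below is an added example, not Schneider Electric code; the configuration text, section names and key names are constructed for illustration and do not reflect the actual NMC configuration format.

```python
import configparser
import ipaddress

# Hypothetical key names assumed to hold a server or receiver address.
HOST_KEYS = {"PrimaryServer", "SMTPServer", "Address"}

# Constructed sample; sections and keys are illustrative, not a real NMC export.
SAMPLE_CONFIG = """\
[NetworkDNS]
PrimaryDNSServer = 0.0.0.0
[NetworkNTP]
PrimaryServer = ntp.example.internal
[EmailNotification]
SMTPServer = 10.20.0.25
[Syslog]
Address = syslog01.example.internal:514
[TrapReceiver]
Address = [fd00::10]:162
"""


def is_ip_literal(value):
    """True if value is an IPv4/IPv6 literal, optionally with a :port suffix."""
    host = value.strip()
    if host.startswith("["):            # [IPv6]:port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # IPv4:port or name:port
        host = host.split(":", 1)[0]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def find_hostnames(config_text, host_keys=HOST_KEYS):
    """Return (section, key, value) for address settings that depend on DNS."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str            # keep key case as written
    parser.read_string(config_text)
    return [(s, k, v.strip())
            for s in parser.sections()
            for k, v in parser.items(s)
            if k in host_keys and v.strip() and not is_ip_literal(v)]


if __name__ == "__main__":
    for section, key, value in find_hostnames(SAMPLE_CONFIG):
        print(f"[{section}] {key} = {value}  (replace with an IP address)")
```

An empty result means none of the checked settings relies on name resolution.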