




***Security Alert***

Roos Instruments is aware of and has been closely monitoring developments regarding the Meltdown and Spectre vulnerabilities. The RI8574A EPC for Cassini includes an Intel CPU and an embedded OS based on the OS/2 platform, both of which are likely affected. The RIK0126A Virtual Workstation and Guru Server software, which can be run in the cloud, virtually, or on physical hardware, are also affected.

Status: Pending Updates (not yet available)

Risk Level: Low (malware must target OS/2 platform)

Roos Instruments has identified that all CASSINI RI8574 EPC TIMs, Virtual Workstations, Guru Enterprise Servers, Guru Servers and eManuals (Apple iPads) may be impacted by this issue. We recommend that our customers evaluate their systems for this vulnerability and take immediate action to remediate as OS, VirtualBox or VMware patches become available. If Guru Server is installed on an affected Linux operating system (openSUSE, Xubuntu), please follow the procedures to apply security updates. Because these installations are typically not accessible from the public internet and are protected by multiple layers of physical and network security, the actual risk is very low, although the issue is urgent in both priority and severity.

As for Roos Instruments, we are taking the necessary steps to mitigate any risk associated with this flaw as soon as possible. Roos Instruments is preparing to update all servers that are exposed to the public internet and will verify that these systems are no longer affected once a patch is available.

For Guru Server, the performance impact of these patches can be avoided by disabling page table isolation, but it is NOT recommended.

For EPC and Virtual Workstations based on the OS/2, eComStation, and ArcaOS operating systems, apply Firefox updates and hardware firmware updates as they are made available. Otherwise, use network access controls to restrict access to HTTPS/HTTP (TCP port 443/80) from vulnerable systems.

RI8574A EPC Firmware: Intel, ASRock - TBD, OS: eComStation 4 or ArcaOS 5 - TBD

OS/2 Platform vulnerability: OS/2 - untested, eComStation - untested, ArcaOS - vulnerable, ArcaOS Policy Statement

OS/2 Web Browser: Firefox does not include the timing precision necessary for practical attacks. (Source)

Guru Server, common Linux OS Update commands:

    • Ubuntu/Xubuntu: "sudo apt-get update && sudo apt-get upgrade"
    • openSUSE: "sudo zypper patch"
    • CentOS, Red Hat: "sudo yum update"
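
After a Guru Server Linux host has been updated and rebooted, the kernel's own reporting can confirm whether the mitigations are active and whether page table isolation was switched off at boot. The script below is an added example, not Roos Instruments code; it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities (kernels carrying the Meltdown/Spectre fixes do), and the file name pti_check.sh and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example, not Roos Instruments code. Reports Meltdown/Spectre status
# from the Linux kernel's sysfs files and flags boot options that disable
# page table isolation (PTI). Function bodies use ( ) so variables stay local.

# classify_status "<sysfs line>" -> prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# pti_disabled "<kernel command line>" -> status 0 if PTI was turned off at boot
pti_disabled() (
    set -f                          # no globbing while splitting the line
    for arg in $1; do
        case "$arg" in
            nopti|pti=off|mitigations=off) exit 0 ;;
        esac
    done
    exit 1
)

# check_host [sysfs_dir] [cmdline_file] -> prints a report, status 1 on any finding
check_host() (
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    cmdline_file="${2:-/proc/cmdline}"
    rc=0
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            line=$(cat "$dir/$name")
        else
            line="(not reported by this kernel)"
        fi
        verdict=$(classify_status "$line")
        printf '%-11s %-10s %s\n' "$name" "$verdict" "$line"
        [ "$verdict" = OK ] || rc=1
    done
    if [ -r "$cmdline_file" ] && pti_disabled "$(cat "$cmdline_file")"; then
        echo "WARNING: a boot option disables page table isolation"
        rc=1
    fi
    exit "$rc"
)

# Report on the running host only when asked: sh pti_check.sh --live
if [ "${1:-}" = "--live" ]; then check_host; fi
```

A non-zero exit status means at least one entry is vulnerable or unreported, or that PTI was disabled on the kernel command line.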
Additional Information:

https://roos.com/docs/RBEH-AUPQ6Q
ROOS INSTRUMENTS CONFIDENTIAL AND PROPRIETARY
©2018-2022 Roos Instruments, Inc. All rights reserved.