Problem

The security firm JSOF has discovered vulnerabilities in the TCP/IP stack of Treck Inc., which were disclosed by Treck Inc. on June 16, 2020. The vulnerabilities are of different severity and are associated with different risks.

19 vulnerabilities, which have been summarized under the "Ripple20" designation, have been detected in the TCP/IP stack of Treck Inc.

Upon learning of this, SEW-EURODRIVE immediately began reviewing the SEW-EURODRIVE product range. During our review, we have determined that products used by us at SEW-EURODRIVE and by our suppliers are also affected by Ripple20. SEW-EURODRIVE is currently examining with high priority to what extent our products, components, and systems are affected by these vulnerabilities.

In the meantime, our customers should immediately ensure that they have implemented the best practices for cyber security in their areas to protect themselves from vulnerabilities. These include, for example, securing all systems with remote access using firewalls. Ensure that unauthorized access is prevented, particularly with respect to Ethernet-based networked systems and engineering interfaces. Use IT‑specific safety standards to complement access protection.

At the end of 2020, additional vulnerabilities were identified in the same TCP/IP stack from Treck Inc.. They have been evaluated by SEW‑EURODRIVE in the same way as the weak points of the Ripple20 and supplemented as part of the update of this document.