Lucene search

183 matches found

Trend Micro Simply Security
added 2022/07/06 12:00 a.m. | 8 views

Data Distribution Service: Exploring Vulnerabilities and Risks Part 2

In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations...

1.7 AI score
Exploits 0
Trend Micro Simply Security
added 2022/07/04 12:00 a.m. | 16 views

Data Distribution Service: An Overview Part 1

In this three-part blog series, we’ll look into Data Distribution Service, why it is critical, and how you can mitigate risks associated with it...

3.3 AI score
Exploits 0
OSV
added 2022/05/05 5:15 p.m. | 4 views

CVE-2021-38433

RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code...

7.8 CVSS | 7.6 AI score | 0.00546 EPSS
Exploits 0 | References 2
Trend Micro Simply Security
added 2022/04/19 12:00 a.m. | 13 views

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...

4.1 AI score
Exploits 0
CNVD
added 2022/03/04 12:00 a.m. | 16 views

Hazelcast code issue vulnerability

Hazelcast Hazelcast IMDG is a scalable open-source data distribution platform from Hazelcast, Inc. The platform supports a variety of distributed data structures, distributed caching and other features. Hazelcast versions prior to 5.1 of XML has a code problem vulnerability, which stems from not...

9.8 CVSS | 2 AI score | 0.02792 EPSS
Exploits 2 | References 1
Trend Micro Simply Security
added 2022/01/27 12:00 a.m. | 8 views

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022...

3.8 AI score
Exploits 0
CISA
added 2021/11/12 12:00 a.m. | 13 views

CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations 

CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result...

7.8 AI score
Exploits 0 | References 1
CNNVD
added 2021/08/23 12:00 a.m. | 2 views

Eclipse Cyclone DDS buffer error vulnerability

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS Project v0.1.0 that causes the dds subscriber server to crash...

7.5 CVSS | 7.3 AI score | 0.01862 EPSS
Exploits 1 | References 3
Akamai Blog
added 2020/10/15 4:00 a.m. | 18 views

Why Take It to the Edge

Edge computing is the next natural paradigm shift in IT, bringing a new wave of decentralization. Over the past decade, IT has embraced two seemingly juxtaposed trends: the consolidation of infrastructure and data in private, public, or hybrid clouds, and the growing distribution and diversity of...

2.9 AI score
Exploits 0
Fedora
added 2020/02/27 5:32 p.m. | 10 views

[SECURITY] Fedora 31 Update: golang-vitess-3.0-4.20190701git948c251.fc31

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. By encapsulating shard-routing logic, Vitess allows application code and database queries to remain agnostic to the distribution of data onto multiple shards. With Vitess, you can even split and...

1.1 AI score
Exploits 0
OSV
added 2019/08/18 4:15 p.m. | 2 views

CVE-2019-15135

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...

7.5 CVSS | 5.8 AI score | 0.02011 EPSS
Exploits 0 | References 2
NVD
added 2019/08/18 4:15 p.m. | 9 views

CVE-2019-15135

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...

7.5 CVSS | 7.3 AI score | 0.02011 EPSS
Exploits 0 | References 2
NVD
added 2019/08/18 4:15 p.m. | 22 views

CVE-2019-15137

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...

7.5 CVSS | 7.4 AI score | 0.0131 EPSS
Exploits 0 | References 2
OSV
added 2019/08/18 4:15 p.m. | 12 views

CVE-2019-15137

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...

7.5 CVSS | 6.7 AI score
Exploits 0 | References 2
OSV
added 2019/08/18 4:15 p.m. | 12 views

CVE-2019-15136

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition...

7.5 CVSS | 7 AI score
Exploits 0 | References 2
Prion
added 2019/08/18 4:15 p.m. | 15 views

Code injection

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition...

5 CVSS | 7.5 AI score | 0.01395 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2019/08/18 4:15 p.m. | 11 views

Design/Logic Flaw

The handshake protocol in Object Management Group (OMG) DDS Security 1.1 sends cleartext information about all of the capabilities of a participant including capabilities inapplicable to the current session, which makes it easier for attackers to discover potentially sensitive reachability...

5 CVSS | 7.3 AI score | 0.02011 EPSS
Exploits 0 | References 2 | Affected Software 1
Prion
added 2019/08/18 4:15 p.m. | 11 views

Design/Logic Flaw

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service (DDS) network...

5 CVSS | 7.4 AI score | 0.0131 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/08/18 3:43 p.m. | 38 views

CVE-2019-15136

CVE-2019-15136 affects the Access Control plugin in eProsima Fast RTPS up to version 1.9.0. The vulnerability arises because remote connections to a participant do not have their partition permissions checked, allowing a policy bypass of a secure DDS partition. The issue is documented across mult...

7.5 CVSS | 7.5 AI score | 0.01395 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/08/18 3:43 p.m. | 16 views

CVE-2019-15136

The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition permissions from remote participant connections, which can lead to policy bypass for a secure Data Distribution Service (DDS) partition...

7.5 AI score | 0.01395 EPSS
Exploits 0 | References 2