DS1006 Processor Board Compiler (x86 Tools 3.0)

Problem Description

The compiler for the DS1006 Processor Board uses the X86 tools in version 3.0. This means that components are used which have various security vulnerabilities.

Connected CVE's

The following vulnerabilities are associated with the components.

A detailed description of the CVE's can be found here.

GNU Compiler Collection 4.8.3

Database	CVE	Score	Classification
NVD	CVE-2018-12886	8.1	Critical
NVD	CVE-2021-37322	7.8	Critical
NVD	CVE-2019-15847	7.5	Critical
NVD	CVE-2015-5276	5.0	Medium
NVD	CVE-2023-4039	4.8	Medium

GNU Binutils 2.22

Database	CVE	Score	Classification
NVD	CVE-2014-9939	9.8	Critical
NVD	CVE-2021-45078	7.8	High
NVD	CVE-2022-47696	7.8	High
NVD	CVE-2022-45703	7.8	High
NVD	CVE-2017-12449	7.8	High
NVD	CVE-2022-44840	7.8	High
NVD	CVE-2021-37322	7.8	High
NVD	CVE-2018-19931	7.8	High
NVD	CVE-2017-12456	7.8	High
NVD	CVE-2017-12454	7.8	High
NVD	CVE-2017-12450	7.8	High
NVD	CVE-2017-12457	7.8	High
NVD	CVE-2017-12459	7.8	High
NVD	CVE-2018-1000876	7.8	High
NVD	CVE-2017-12451	7.8	High
NVD	CVE-2022-47673	7.8	High
NVD	CVE-2017-12455	7.8	High
NVD	CVE-2017-12458	7.8	High
NVD	CVE-2017-12448	7.8	High
NVD	CVE-2017-12453	7.8	High
NVD	CVE-2022-47695	7.8	High
NVD	CVE-2017-12452	7.8	High
NVD	CVE-2014-8485	7.5	High
NVD	CVE-2014-8501	7.5	High
NVD	CVE-2014-8504	7.5	High
NVD	CVE-2021-46174	7.5	High
NVD	CVE-2014-8502	7.5	High
NVD	CVE-2020-35342	7.5	High
NVD	CVE-2014-8503	7.5	High
NVD	CVE-2021-20197	6.3	Medium
NVD	CVE-2020-35494	6.1	Medium
NVD	CVE-2019-1010204	5.5	Medium
NVD	CVE-2018-20671	5.5	Medium
NVD	CVE-2020-35496	5.5	Medium
NVD	CVE-2022-48064	5.5	Medium
NVD	CVE-2022-38533	5.5	Medium
NVD	CVE-2018-19932	5.5	Medium
NVD	CVE-2022-48065	5.5	Medium
NVD	CVE-2022-48063	5.5	Medium
NVD	CVE-2020-35507	5.5	Medium
NVD	CVE-2020-35493	5.5	Medium
NVD	CVE-2020-21490	5.5	Medium
NVD	CVE-2020-35495	5.5	Medium
NVD	CVE-2020-19724	5.5	Medium
NVD	CVE-2014-8738	5	Medium
NVD	CVE-2014-8484	5	Medium
NVD	CVE-2012-3509	5	Medium
NVD	CVE-2014-8737	3.6	Low

Newlib 1.20

Database	CVE	Score	Classification
NVD	CVE-2021-3420	9.8	Critical
NVD	CVE-2019-14874	6.5	Medium
NVD	CVE-2019-14878	6.5	Medium
NVD	CVE-2019-14872	6.5	Medium
NVD	CVE-2019-14871	6.5	Medium
NVD	CVE-2019-14877	6.5	Medium
NVD	CVE-2019-14873	6.5	Medium
NVD	CVE-2019-14875	6.5	Medium
NVD	CVE-2019-14876	6.5	Medium

Affected Products / Affected Versions

DS1006 Compiler, RTI1006 up to Release 2023-B

Solution

The provided script will remove the X86 tools from the RCP&HIL installation path, removing the vulnerabilities.

The script must be executed after the installation of the basic software and after the installation of service packs and patches. If a recovery/repair is carried out, the components are automatically restored and the script has to be executed again.

Download:

DS1006ProcessorBoardCompiler_Remove_x86Compiler.ps1

Limitations

By removing the x86 tools, it is no longer possible to build real-time applications for the DS1006 processor board. Loading and running application is still possible. It has to be checked in advance whether the functionality is required.

Enable form call

At this point, an input form from Click Dimensions is integrated. This enables us to process your newsletter subscription. The form is currently hidden due to your privacy settings for our website.

External input form

By activating the input form, you consent to personal data being transmitted to Click Dimensions within the EU, in the USA, Canada or Australia. More on this in our privacy policy.

Date	2023-12-20
Product	Compilers, DS1006 Processor Board, RTI (Real-Time Interface)
Information Type	Notifications
Information Category	Product Security, Troubleshooting
dSPACE Release	2023-B, 2023-A, 2022-B, 2022-A, 2021-B, 2021-A, 2020-B, 2020-A, 2019-B, 2019-A