Regarding the Meltdown/Spectre side-channel attacks, Advanced Relay Corp. would like to share these thoughts with our customers:
- Meltdown is specific to Intel processors, so it does not affect the PXSe, which is based on an ARM 7TDMI microprocessor.
- Spectre violates memory isolation boundaries by exploiting a flaw in branch prediction and speculative execution, and it can happen on Intel, AMD and ARM processors. To exploit this flaw, the attacker uses a side-channel strategy to access the memory of a victim process and find its secrets (e.g. passwords).
- The PXSe uses the eCos OS (Embedded Configurable Operating System), which is a single-process OS (though multithreaded).
- eCos does not use virtual memory or protected areas of memory.
- As there is neither multiprocessing nor virtual memory, the concept of a side-channel attack is meaningless: eCos runs only one process, so there cannot be an attack process.
- All the code is executed from flash memory. Even if an attacker could somehow (perhaps through the web server, but we have no knowledge of any vulnerability in this piece of software) inject some code into RAM and execute it, the PXSe does not have any critical information like passwords. Still, if this possible attack vector is a concern, the web server can be disabled.
Last but not at all least, ARM released a Security Update in which it clearly lists the ARM processors susceptible to these attacks. ARM 7TDMI is not in this list. Please check the ARM Security Update.