Atos SE

Notified:  October 24, 2017 Updated: October 24, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

From SwissSign: "Our card manufacturer informed us that the ATOS CardOS 4.x cards and card reading systems used by SwissSign are not affected. The vulnerability mainly affects cards of the CardOS 5.x generation which still under evaluation at SwissSign. In addition, there is the possibility for everyone to find out via the link https://keychest.net/roca whether the vulnerability affects the card. If you have any further questions, please do not hesitate to contact us also for a certificate of safety from our card manufacturer."

Dell

Notified:  October 19, 2017 Updated: October 24, 2017

Statement Date:   October 23, 2017

Status

  Affected

Vendor Statement

Dell has released a Knowledge Base article with statement and details.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Fujitsu

Notified:  October 16, 2017 Updated: October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Fujistu has released a security advisory with a list of affected products.

Vendor References

Gemalto AV

Notified:  October 18, 2017 Updated: November 02, 2017

Statement Date:   October 20, 2017

Status

  Affected

Vendor Statement

Gemalto Enterprise & Cybersecurity has released a security bulletin with more information.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Google

Notified:  October 16, 2017 Updated: October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Chrome OS prior to M60 is affected. Google has released a security advisory with more information.

Vendor References

Hewlett Packard Enterprise

Notified:  October 16, 2017 Updated: October 16, 2017

Statement Date:   October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Some HPE TPM modules are affected. HPE has released firmware updates at the URL below. HPE has published a longer security bulletin HPESBHF03789 with more details.

Vendor References

Infineon Technologies AG

Notified:  October 16, 2017 Updated: October 24, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Infineon RSA library version 1.02.013 is impacted. Infineon provides a partial list of affected vendors using the library in TPM products below.

Vendor References

Lenovo

Notified:  October 16, 2017 Updated: October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Lenovo has released a security advisory and will update the advisory as updates become available.

Vendor References

Microsoft Corporation

Notified:  October 16, 2017 Updated: October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Microsoft has released a security advisory.

Vendor References

Rubrik

Notified:  October 24, 2017 Updated: October 24, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Taglio LLC

Updated:  November 02, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The PIVKey C980 is affected. See the security advisory for more details.

Vendor References

WinMagic

Notified:  October 16, 2017 Updated: October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Yubico

Notified:  October 16, 2017 Updated: October 16, 2017

Statement Date:   October 16, 2017

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

Yubikey 4 / 4C / 4 nano, versions 4.2.6 - 4.3.4, are vulnerable when using the onboard RSA generation functionality. Yubico has published a security advisory, and provides a keycheck information page with mitigation or replacement advice.

Vendor References

View all 13 vendors View less vendors