| 631.969.2601 | MADE IN USA

Security Advisory

Ripple20 Vulnerability Assessment

Update History:

January 25, 2022 at 11:30AM EST – Published

 Overview 

IPVideo Corporation is aware of several TCP/IP Stack vulnerabilities and our product, operations and security teams have assessed its effect on the ViewScan system. 

https://www.digi.com/support/knowledge-base/digi-international-security-notice-treck-tcp-ip-st 

As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises. 

Current Status: 

IPVideo Corporation has been performing a review of our products and software. Our analysis indicates that only the Digi Connect ME, a networking module used for communication with the ViewScan Monolith, is affected by this vulnerability. 

The products listed below are not affected by this vulnerability. 

  • HALO V2.0 
  • HALO V2C 
  • HALO Cloud 
  • AVfusion 

Important Notes: 

1. ViewScan systems that are on a Standalone or Sandboxed network of the Scanner, Camera, and Laptop are not vulnerable to network attacks. Updating the firmware is still recommended in this case. 

2. For ViewScan systems that are on a larger network, it is suggested that they are on one that is non-public facing. 

Log4j2 Vulnerability Assessment

Update History:

December 14, 2021 at 4:30PM EST – Published

Overview

IPVideo Corporation is aware of the Log4j2 vulnerability CVE – CVE-2021-44228 (mitre.org) and our product, operations and security teams are currently assessing all products.

As always, please follow cybersecurity best practices including ensuring all of your servers are properly secured behind firewalls, backed up, and not left unprotected on the internet if they are installed on-premises.

Please check back to this site regularly as we will continue to post updates as new information becomes available.

Current Status:

IPVideo Corporation has been performing a review of our products, code and production environments.  Currently, our analysis indicates that the products listed below are not affected by this vulnerability.  As this is an evolving threat, we will update this site as new information becomes available.

  • HALO V2.0
  • HALO V2C
  • HALO Cloud
  • AVfusion
  • ViewScan

Important Notes:

  1. While the AVfusion and ViewScan products are not affected, customers should investigate the environment where they have installed the product(s) to ensure the operating systems, other software installed on the server and virtual environments are not affected.  For example, VMware is commonly used to virtualize the underlying infrastructure and they have provided an update on their products at the following link: https://www.vmware.com/security/advisories/VMSA-2021-0028.html
  2. Our analysis was done on the latest released version of each product.  SaaS products are always on the latest version, but for on-premises products, you should ensure you have updated to the latest version.
  3. Our HALO Cloud backend utilizes Amazon Web Services. Amazon has addressed the vulnerability and we are actively monitoring their updates.

https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

To learn more, fill out the information below:

Or call us today at 631.969.2601