Eaton
Eaton Security Bulletin on OpenSSH Vulnerability
Pages
5
Time to read
7 mins
Publication
Language
English
This document is a security bulletin issued by Eaton regarding a high-severity vulnerability identified in OpenSSH's server (sshd) affecting glibc-based Linux systems. The vulnerability, designated CVE-2024-6387, could allow unauthenticated remote code execution as root due to a race condition triggered when a connection fails to authenticate within a specified time. The bulletin details the affected versions of OpenSSH and impacted Eaton products, including NM2, IPM2, and INDGW X2. It outlines remediation steps, including the release of new firmware versions to patch the vulnerabilities. Additionally, the document provides mitigation strategies for users of Eaton products utilizing SSH functionality, emphasizing a secure-by-default approach and recommending cybersecurity best practices. The bulletin also mentions Eaton's commitment to cybersecurity and offers information on available services to assist customers in securing their operational technology networks.