JMP Seminar in Casablanca, Morocco

Our associates from JMP hosted a banking and multi-site client seminar in Casablanca, Morocco, together with Protectas and Assa Abloy yesterday. We presented the latest technologies for cloud solutions available in today’s market.

JMP Controls is a value-added distributor of innovative and efficient security solutions covering all areas of electronic security.

Check out the SPG Controls page to find out more about our collaborators: https://spgcontrols.com/partners/

ARCO Platform 6.0 Release Highlights

Please refer to the SPG Support site for the complete Release Notes.

SPG Controls FCC Certification

SPG Controls’ S1000 Smart Controller and Peripherals are FCC certified under 47 CFR PART 15, SUBPART B/ICES-003 issued by the independent testing company EMC Technologies Pty. Ltd.

List of FCC Certified Products

• S1000 Smart Controller: S1000-PCB
• SPG Power Supply: SP1-PSU-2A
• CRI Expansion Card: SE1-CRI-PCB
• Card Reader Interface Board: SD1-CRIO-PCB
• IO Expansion Card: SE1-8I2O-PCB
• 6 Output Expansion Card: SE1-6OUT-PCB
• S1000 Remote IO: SD1-REMIO-PCB
• Audio Listen In Module: SD1-AUDIO4-PCB
• Audio Converter Expansion Card: SE1-AUDIOBUS-PCB
• Dual Ethernet Expansion Card: SE1-ETHER2-PCB
• Cellular+WiFi Expansion Card: SE1-CELL-PCB
• Sensor Remote Device: SD1-2ADI-PCB
• Alarm Keypad: SD1-TKD-MFRICP-B
• S1000 Communicator: S1000-PENC

For a copy of the FCC certificate or the comprehensive testing report, feel free to contact us at info@spgcontrols.com

New Collaboration Announcement: Eclipse Digital Solutions

SPG Controls is pleased to announce a new collaboration with Eclipse Digital Solutions, a double award-winning pioneer of modern-day integrated security solutions. Eclipse Digital Solutions has long-established relationships with a wide range of public and private sector bodies and commercial clients in and around the UK.

Eclipse Digital Solutions Ltd have consistently delivered tailor-made and cost-effective security solutions to our client base across various sectors.
Clients include the Home Office, Centre for the Protection of National Infrastructure, Ministry of Justice and businesses and organisations requiring the highest level of security protection.

Eclipse Digital Solutions is dedicated to standards, is accredited to ISO9001 Quality Management System and ISO27001, and is a member of ADS – the premier trade association for organisations operating in our sectors – providing the best possible solutions, products and services.

Check out the Eclipse Digital Solutions website: https://www.eclipsedigital.co.uk/

Check out the SPG Controls page to find out more about our collaborators: https://spgcontrols.com/partners/

How To Detect and Mitigate the Log4j2 Vulnerability

Like many manufacturers in our industry, we became aware on the 10th of December 2021 of the Remote Code Execution vulnerability CVE-2021-44228 in the popular Java logging library Log4j2 (all versions between 2.0 and 2.14.1 are vulnerable).

While SPG Controls and our related products are safe from the Log4j2 vulnerability, you may have other products and services that are not.

Below is a brief infographic on how the Log4j2 vulnerability works and potential fixes you can implement.

Contact us at info@spgcontrols.com and tell us how we can help you configure your systems integrations to be safe from the Log4j2 vulnerability.

Log4j2 CVE Vulnerability and SPG Controls

Description:

Like many of the manufacturers in our industry, we became aware on the 10th of December 2021 of the Remote Code Execution vulnerability CVE-2021-44228 in the popular Java logging library Log4j2 (all versions between 2.0 and 2.14.1 are vulnerable).

SPG Controls Action:

SPG Controls scans its published Docker images for known security flaws. The Log4j2 vulnerability has been included in this process by the Docker Hub team.

Vulnerability Summary:

  • Code developed by SPG Controls does NOT use Log4j2.
  • Some Official Docker Images do contain the vulnerability; however, the versions used by SPG Controls are NOT affected.
  • SPG Controls uses a version of Elasticsearch which does NOT contain the vulnerability.

Further Details:

Scan images on Docker Hub

Docker Hub security scans triggered after 1700 UTC on the 13th of December 2021 correctly identify the Log4j2 CVE. Scans before this date do not currently reflect the status of this vulnerability. Therefore, we recommend that you trigger a new scan by pushing the image to Docker Hub, then view the status of the Log4j2 CVE in the vulnerability report.

Source: https://docs.docker.com/docker-hub/vulnerability-scanning/

Code developed by SPG Controls does NOT use Log4j2. Some Official Docker Images do contain the vulnerability; however, the versions in use by SPG Controls are not affected.

| Repository | Patched version | Additional documentation |
|---|---|---|
| couchbase | 7.0.3 | Couchbase blog |
| Elasticsearch | 6.8.22, 7.16.2 | Elasticsearch announcement |
| Flink | 1.11.6, 1.12.7, 1.13.5, 1.14.2 | Flink advice on Log4j CVE |
| Geonetwork | 3.10.10 | Geonetwork GitHub discussion |
| lightstreamer | Awaiting info | Awaiting info |
| logstash | 6.8.22, 7.16.2 | Elasticsearch announcement |
| neo4j | 4.4.2 | Neo4j announcement |
| solr | 8.11.1 | Solr security news |
| sonarqube | 8.9.5, 9.2.2 | SonarQube announcement |
| storm | Awaiting info | Awaiting info |

Elasticsearch mitigation

Elasticsearch mitigation summary matrix.

Note: While the below mitigations are considered complete, our overall recommendation is to update to version 7.16.2 or 6.8.22 or newer.

"Yes" indicates the versions that are subject to the vulnerability in question; "No" indicates they are not vulnerable. Version ranges are inclusive.

Source: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

SPG Controls uses a version of Elasticsearch which does NOT contain the vulnerability.

| Elasticsearch | JDK | CVE IDs | Information Leak | Remote Code Execution | Complete Mitigation |
|---|---|---|---|---|---|
| 7.16.1 – 7.16.2 | ≥ 8 | CVE-2021-44228, CVE-2021-45046 | No | No | N/A (not vulnerable) |
| 7.0.0 – 7.16.0 | ≥ 9 | CVE-2021-44228, CVE-2021-45046 | No | No | N/A³ (not vulnerable) |
| 7.0.0 – 7.16.0 | < 9 | CVE-2021-44228, CVE-2021-45046 | Yes | No | System property¹ |
| 6.8.21 | ≥ 8 | CVE-2021-44228, CVE-2021-45046 | No | No | N/A (not vulnerable) |
| 6.0.0 – 6.8.20 | ≥ 9 | CVE-2021-44228, CVE-2021-45046 | No | No | N/A³ (not vulnerable) |
| 6.4.0 – 6.8.20 | < 9 | CVE-2021-44228, CVE-2021-45046 | Yes | No | System property¹ |
| 6.0.0 – 6.3.2 | < 9 | CVE-2021-44228, CVE-2021-45046 | Yes | No | Remove JndiLookup² |
| 5.6.11 – 5.6.16 | 8 | CVE-2021-44228, CVE-2021-45046 | Yes | Yes | System property¹ |
| 5.0.0 – 5.6.10 | 8 | CVE-2021-44228, CVE-2021-45046 | Yes | Yes | Remove JndiLookup² |
| < 5.0.0 | any | CVE-2021-44228, CVE-2021-45046 | No | No | N/A (not vulnerable) |
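
For products and services outside a registry scan, the following added example (not code from SPG Controls, Docker or Elastic) opens a JAR/WAR archive, including archives nested inside it, finds bundled log4j-core copies, and reports whether each version falls in the 2.0 to 2.14.1 range quoted above and whether the JndiLookup class named in the mitigation matrix is still present. It assumes standard, unshaded log4j-core builds that keep their Maven metadata; `make_jar` only builds constructed sample archives in memory.

```python
import io
import re
import zipfile

# Paths used by standard log4j-core builds (assumption: unshaded, unrenamed JARs).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def in_page_range(version):
    """True if version falls in 2.0 .. 2.14.1, the range the page gives."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3])
    nums += (0,) * (3 - len(nums))
    return (2, 0, 0) <= nums <= (2, 14, 1)


def scan_archive(data, path="<archive>", depth=0):
    """Return one finding per log4j-core copy in the archive bytes `data`."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, nothing to report
    with zf:
        names = sorted(zf.namelist())
        if POM in names:
            props = zf.read(POM).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else "unknown"
            findings.append({
                "path": path,
                "version": version,
                "in_vulnerable_range": m is not None and in_page_range(version),
                "jndi_lookup_present": JNDI in names,
            })
        for name in names:  # recurse into fat JARs, with a depth limit
            if depth < 5 and name.lower().endswith(ARCHIVE_EXT):
                findings += scan_archive(zf.read(name), f"{path}!{name}", depth + 1)
    return findings


def make_jar(files):
    """Build a constructed sample archive in memory (not a real Log4j JAR)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

To check a file on disk, pass its bytes as `data`, for example `scan_archive(open(p, "rb").read(), p)`. A finding with `in_vulnerable_range` true and `jndi_lookup_present` false is a copy that has had the class removed, as in the "Remove JndiLookup" rows of the matrix.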

 

New Integration Announcement: Orange Business Services – Pack ID solution

SPG Controls is pleased to announce a new partnership with Orange Business Services, a global IT and communications services provider. Orange Business Services operations span 26 countries and serve 207 million mobile customers, including 8 million business customers.

The integration uses the ARCO Platform's Open API to interface with the Pack ID mobile credentials solution from Orange Cloud Service. Credential requests on the Orange Cloud Server leverage the built-in security architecture and secure communication of the ARCO Platform to access Sites/Doors.

The API is based on the latest web-based RESTful architecture. All data contained within ARCO Platform is securely communicated to the Orange Cloud Service.

Check out the Orange Business Services website: https://www.orange-business.com/fr/produits/pack-id 

Check out the SPG Controls partners page to find out more about our collaborators: https://spgcontrols.com/partners/

New Partner Announcement: Avarn Security

SPG Controls is pleased to announce a new partnership with Avarn Security, a leading security group with operations in Norway, Sweden, Denmark and Finland. Avarn Security supply security to clients across the Nordic countries.

Avarn Security (earlier Nokas) is a leading and strategic security partner for corporate customers and public sector organizations. They provide security services and solutions in the Nordic market.

Avarn Security is known for its long history as a strong solution provider of access control solutions. They are expanding their current access control system offering by bringing the latest technology in the industry to Finland for the benefit of the customers. SPG Controls and Avarn Security have entered into a cooperation agreement, in which Avarn Security will continue to represent the ARCO Enterprise access control system in Finland alongside its current access control solutions.

The company’s main operations are based in Norway, Sweden and Finland. Its head office is located in Oslo, Norway and it is headed by Group CEO Vidar Berg, with 16,000 employees spread across the Nordic countries.

Check out the Avarn Security website: https://www.avarnsecurity.fi/

Check out the SPG Controls partners page to find out more about our collaborators: https://spgcontrols.com/partners/

ARCO Security configuration – making it happen through a Mobile Application

System configuration management is important, especially in large-scale systems, where you need control over both the hardware and software components essential to your security solution.
It is important for establishing and maintaining consistency in a product, from performance to functionality to physical attributes, and for efficiently managing requirements, design, and operational information for hardware and software.

System configuration management is essential because system-level design can be challenging. It is hard enough to manage hardware and software development projects independently, but managing all the dependencies between the two disciplines while also accounting for security concerns, scheduling and distribution is a complex problem to tackle.

The ARCO Setup APP makes installing and operating your S1000 Smart Controller quick and easy. In addition, ARCO Setup provides network settings to establish remote communications to the ARCO Platform, and input and output testing both locally and end-to-end. Download the ARCO Setup APP on your mobile for fast and easy configuration.

  • Support BLE 4.2
  • Android and iOS Compatible
  • No Setup PC Required
  • Allows For Easy Commissioning of Panel
  • Secure Authentication Layer for Login
  • Dashboard For Diagnostics and Testing

Contact us at info@spgcontrols.com and tell us how we can help you configure your systems using ARCO Setup app.

ARCO Platform 5.2 Release Highlights

Please refer to the SPG Support site for the complete Release Notes.