|Model:| |Digi Connect ME|
|Firmware Version:| |1.9.0.6 (Version 82000856_F6 07/21/2006)|
|Boot Version:| |0.0.0.1 (release_82000866_C)|
|POST Version:| |1.1.3 (release_82000867_H)|
cheers!
please help me determine what POST, boot and firmware versions to update to and in which order!
on the obsolete DC-ME-01T-S PN:(1P)50000878-01 Digi Connect ME 2MB flash running plug and play firmware, you
a) don’t need to update the POST firmware [82000867_H is the latest anyway]
b) you can run the 2MB ME EOS Firmware based on Fusion stack 82000856, latest revision is 82000856_F7
we recommend using this Fusion stack firmware! because:
c) there is a newer Treck Stack firmware 2MB ME EOS Firmware with new Treck TCP/IP Stack 82001116_K6:
# 2MB ME EOS Firmware with new Treck TCP/IP Stack
which is vulnerable to Ripple20 see: Digi International Security Notice - TRECK TCP/IP Stack "RIPPLE20" VU#257161 ICS-VU-035787 | Digi International
The vulnerability was fixed in the firmware for 4MB flash, but for the 2MB flash there is not enough space to fix it and the 2MB product is obsolete anyway.
We recommend using the Fusion stack firmware 82000856 instead. If you application does work better with the Treck Stack firmware, it’s your choice if you can take the risk of the vulnerability (e.g. in a local network only).
This DC-ME-01T-S PN:(1P)50000878-01 is obsolete. A plug in replacement (same hardware but 4MB flash) with a different firmware (behaves a little different) is the DC-ME4-01T-S-UPW PN:(1P)50000878-76 running the 4meg Treck Stack firmware 82004424_C.bin:
this 4meg Treck Stack firmware has the Ripple20 vulnerability fixed.