The latest firmware release for all SNAP PAC controllers and brains addresses important security fixes.

For all you SNAP PAC users, an important update is available now! SNAP PAC firmware 10.3b is ready for download.

This latest maintenance release has some noteworthy updates you'll want to review. You can check out the README for a complete list of bug fixes and exact details. It lists revision changes made to the firmware used in SNAP PAC S-series, R-series, and SoftPAC controllers; SNAP PAC EB-series and SB-series brains; and G4EB2 and G4D32EB2 brains.

While there are a range of bug fixes that address some specific issues, the focus on this update is to address security vulnerabilities in the Treck TCP/IP software that the SNAP PAC controllers use.

You can read more about this vulnerability and appropriate mitigation practices here in our Knowledge Base article KB88981. This vulnerability is known in the industry as "Ripple20". As soon as Opto 22 was notified of this issue, we began working on updating and testing the new Treck TCP/IP stack in our SNAP PAC controllers. This 10.3b firmware release is the result of those efforts.

More Information About Security and Opto 22 Products

Opto 22 also has other resources available to answer your cybersecurity questions. In addition to applying the fix, you can review the following OptoBlog Security Series, which can help you review your current practices and identify areas of improvement:

• Part 1: Dual Network Interfaces
• Part 2: What's a Firewall?
• Part 3: Device originating communications, or how and why MQTT rocks
• Part 4: User Accounts
• Part 5: Encryption and Certifications

Finally, it's worth noting that Ripple20 only applies to SNAP PAC controllers; our groov EPIC and groov RIO devices are not impacted.