Known vulnerabilities

Known Vulnerability Background Information Affected SCIEX Products Recommended Actions Comments
Windows 7 support has ended. There will be no security updates or any other support provided by Microsoft for Windows 7

20230126 Win7 obsolescence.pdf
https://support.microsoft.com/en-us/windows/windows-7-support-ended-on-january-14-2020-b75d4580-2cc7-895a-2c9c-1466d9a53962 https://learn.microsoft.com/en-us/troubleshoot/windows-client/windows-7-eos-faq/windows-7-extended-security-updates-faq Any acquisition or data processing computers operating on Windows 7 Where possible, update the computer operating system to the SCIEX supported version of Windows 10.

Please contact customer support to discuss the best way to upgrade your system
To ensure system reliability and service support please make sure you are using preconfigured Windows 10 OS images provided by SCIEX for corresponding acquisition computers
CVE-2019-11157, CVE-2019-14598, CVE-2019-14607, CVE-2020-0531, CVE-2020-0532, CVE-2020-0534, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0541, CVE-2020-0542, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8753, CVE-2020-8744, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8754, CVE-2020-8747, CVE-2020-8755, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-0587, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-24507, CVE-2020-8703, CVE-2020-24506 , CVE-2020-24511, CVE-2020-24512, CVE-2021-0157, CVE-2021-33107, CVE-2021-0127, CVE-2021-0091, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125, CVE-2021-0156, CVE-2021-3712, CVE-2021-33159, CVE-2022-21181, CVE-2022-0004, CVE-2022-0005, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166, CVE-2022-21151, CVE-2022-29083   Alpha Workstation 2020 Perform BIOS update to v 2.15 The known vulnerabilities and listed as a cumulative collection between BIOS v 2.3.1 and BIOS v 2.15
CVE-2020-0587, CVE-2020-0591, CVE-2020-0592 CVE-2020-0593, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-8753, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8751, CVE-2020-8754, CVE-2020-8747, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356   SCIEX Workstation, SCIEX Workstation+ Perform BIOS updated version 2.10.0 The known vulnerabilities and listed as a cumulative collection between BIOS v 2.4.0 and BIOS v 2.10.0
CVE-2020-0587, CVE-2020-0591, CVE-2020-0592 CVE-2020-0593, CVE-2020-8696, CVE-2020-8698, CVE-2020-8694, CVE-2020-8695, CVE-2020-8753, CVE-2020-8745, CVE-2020-8705, CVE-2020-8757, CVE-2020-8756, CVE-2020-8760, CVE-2020-8751, CVE-2020-8754, CVE-2020-8747, CVE-2020-8746, CVE-2020-8749, CVE-2020-8752, CVE-2020-12303, CVE-2020-12355, CVE-2020-12356, CVE-2021-0099, CVE-2021-0103, CVE-2021-0107, CVE-2021-0111, CVE-2021-0114, CVE-2021-0115, CVE-2021-0116, CVE-2021-0117, CVE-2021-0118, CVE-2021-0119, CVE-2021-0124, CVE-2021-0125, CVE-2021-0144, CVE-2021-0156, CVE-2021-0147, CVE-2022-2118, CVE-2022-0004, CVE-2021-21131, CVE-2021-21136, CVE-2022-21166   TripleTOF Acquisition PC - Analyst TF Perform BIOS update version 2.19.1 The known vulnerabilities and listed as a cumulative collection between BIOS v 2.4.0 and BIOS v 2.19.1
CVE-2020-0548 CVE-2020-0549, CVE-2020-0543, CVE-2020-5362, CVE-2020-0531, CVE-2020-0532, CVE-2020-0533, CVE-2020-0535, CVE-2020-0536, CVE-2020-0537, CVE-2020-0538, CVE-2020-0539, CVE-2020-0540, CVE-2020-0545, CVE-2020-0594, CVE-2020-0595, CVE-2020-0596, CVE-2020-8674, CVE-2020-8758   ProteinPilot Processing PC Perform BIOS update version 2.12 The known vulnerabilities and listed as a cumulative collection between BIOS v 2.3.1 and BIOS v 2.12
CVE-2021-44228: Apache Log4j2 arbitrary code execution.

NVD Guidance CVE-2021-44228

  1. StatusScope® 2.2 and below
  2. OneOmics™ 3.2
  1. To address StatusScope issue please:
    • -Apply StatusScope® Remote Monitoring 2.2.1, now available on the SCIEX Software Download page
  2. To address OneOmics issue, a patch has been deployed by SCIEX directly to the cloud. No action for customer.
N/A
Remote Desktop Protocol vulnerability (Bluekeep) Microsoft Customer Guidance Products using Windows 7 OS Install Windows OS updates as recommended by Microsoft N/A