We have released a production OS patch for the vulnerabilities outlined below. Please visit the 

Two vulnerabilities have been found relating to the Diagnostic Web Server (DWS) on the device. These vulnerabilities are catalogued as CVE-2017-17737, -17738, and -17739.

An attacker can construct a malicious link to content on the DWS, which can fool a browser into running arbitrary JavaScript. This may allow an attacker to compromise a BrightSign player; however, they would need to know the IP address of the DWS to construct the link, and they would need to trick someone who knows the DWS login credentials into clicking that link.

A user who already has access to the DWS can, by adding certain characters to the /storage.html URL, view file directories that they should not be able to see. So far, it does not seem possible to view or edit the contents of files in this manner—only the directories are visible.

: We do not recommend using the DWS in security-sensitive production environments under any circumstance. Please see the 

Log4J, Meltdown & Spectre Vulnerabilities

DWS Vulnerability

This is our legacy cloud platform. Our latest cloud platform is BSN.Cloud which consists of the free bsn.Control and the paid bsn.Content tiers. Development of BSN has largely ceased and will eventually be deprecated and replaced with BSN.Cloud.

BrightSign_Network_BSN

BrightSign’s *legacy* app for authoring and managing players. The app's actual name is BrightAuthor but is referred to as BrightAuthor Classic to lessen confusion with BrightAuthor:connected, our latest app.

BrightAuthor_Classic

BrightSign’s latest free, all-in-one app for player setup / management, authoring, and content management.

BrightAuthorconnected

The BSN.Cloud record of a player and its Setup. The Default Setup is assigned to the player unless another Setup has been explicitly set.

Provision_Record

The process where a Setup is delivered and applied to a player by BSN.Cloud.

Provision

A set of files containing player settings (player name, description, time zone, Publishing Mode, network settings, etc.) and an autorun.brs file which instructs the player what to do upon bootup.