‫ Siemens patches Heartbleed in popular SCADA system

Number:IRCNE2014042179
Date: 2014-04-30

According to “techworld”, Siemens released a security update to address the Heartbleed vulnerability in SIMATIC WinCC Open Architecture, a supervisory control and data acquisition (SCADA) system that's used in a large number of industries to operate processes, machines and production flows.

Heartbleed is a critical security flaw discovered earlier this month in OpenSSL, the most popular implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols.

The vulnerability can be exploited to extract passwords, encryption keys and other potentially sensitive information from the memory of TLS servers and clients that rely on OpenSSL for encrypted communications.

Siemens updated its Heartbleed security advisory Friday to announce the availability of WinCC OA version 3.12-P006 that fixes the flaw for WinCC OA 3.12, the only affected version of the product according to the company.

However, Heartbleed also affects other Siemens products: eLAN prior to version 8.3.3 when RIP is used, S7-1500 V1.5 when HTTPS is active, CP1543-1 V1.1 when FTPS is active and APE 2.0 when the SSL/TLS component is used in customer implementations.

ELAN customers can solve the security issue by updating to version 8.3.3, but the other affected products are yet to receive patches. In the meantime, Siemens suggests several mitigations in its security advisory that involve disabling or restricting access to the web server in S7-1500 and disabling or restricting access to FTPS in CP1543-1.

APE 2.0 customers can upgrade the OpenSSL installation in the product to version 1.0.1g by following instructions in a separate advisory published on the RuggedCom website.

Related Link:

Oracle identifies products affected by Heartbleed, but work remains on fixes

Heartbleed bug can expose private server encryption keys

BlackBerry to release Heartbleed fixes for BBM Messenger, Secure Work Space

Lagging Android devices vulnerable to Heartbleed

Apple's iOS, OS X don't have Heartbleed bug but BBM for iOS and Android do

Heartbleed flaw affects mobile apps

Cisco, Juniper products affected by Heartbleed

'Heartbleed' bug in OpenSSL puts encrypted communications at risk

 


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 10 اردیبهشت 1393

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0