Menu
Siemens patches Heartbleed in popular SCADA system

Siemens patches Heartbleed in popular SCADA system

Some of the company's other products are still vulnerable

Siemens released a security update to address the Heartbleed vulnerability in SIMATIC WinCC Open Architecture, a supervisory control and data acquisition (SCADA) system that's used in a large number of industries to operate processes, machines and production flows.

Heartbleed is a critical security flaw discovered earlier this month in OpenSSL, the most popular implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols.

The vulnerability can be exploited to extract passwords, encryption keys and other potentially sensitive information from the memory of TLS servers and clients that rely on OpenSSL for encrypted communications. While most of the discussion surrounding the vulnerability has focused on how it impacts Web servers, the flaw also affects desktop and mobile applications, embedded systems like routers, hardware appliances and industrial control systems, including those potentially used in critical infrastructure.

Siemens updated its Heartbleed security advisory Friday to announce the availability of WinCC OA version 3.12-P006 that fixes the flaw for WinCC OA 3.12, the only affected version of the product according to the company.

However, Heartbleed also affects other Siemens products: eLAN prior to version 8.3.3 when RIP is used, S7-1500 V1.5 when HTTPS is active, CP1543-1 V1.1 when FTPS is active and APE 2.0 when the SSL/TLS component is used in customer implementations.

ELAN customers can solve the security issue by updating to version 8.3.3, but the other affected products are yet to receive patches. In the meantime, Siemens suggests several mitigations in its security advisory that involve disabling or restricting access to the web server in S7-1500 and disabling or restricting access to FTPS in CP1543-1.

APE 2.0 customers can upgrade the OpenSSL installation in the product to version 1.0.1g by following instructions in a separate advisory published on the RuggedCom website. RuggedCom is a subsidiary of Siemens and the original maker of the product.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags patch managementsiemenspatchesExploits / vulnerabilities

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments