SAGE RTU'S
  • Home
  • Products
  • Downloads
  • Support
    • Contacts
    • Services
  • Brochures
  • Updates
  • About

Updates and News

Monthly Security Updates, Product News, and more

Firmware Release C3414-500-S02K5_P6

12/1/2021

0 Comments

 
Firmware available for download on downloads tab above.

K5_P6 Update – 5-Nov-2021:
NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412).
Operating System
Must update OPERATING SYSTEM to use this update!

NOTE: Due to California 2020 cyber-security regulations, users must immediately change the user access account from the default using the Sage User Manager tool. The user account file named “Schneider_Electric_1_USERS.tar.gz” located in the “FW_Update/Secure/updateGen” directory, only has up/download permission to enforce this policy, is delivered on new RTUs and installed when using the Initial Installer to convert a G3_P6 or earlier revision. The user account file named “Schneider_Electric_2.tar.gz”, located in the same path, has the old default “Admin” credentials. Use this user account file at your own risk.

​Fixes:
 Command Log: Fix issue with large number of old command log files causing CPU performance to degrade on startup as command log filenames get cataloged and listed into download menu. Very disk intensive process caused slowdown in GUI performance and configuration downloads. New limit imposed on number of command log files 744 files - 31 days of command log files created once per hour (24 * 31) - is enforced at startup. NOTE: Download any unsaved Command Log files prior to this update. Automatic enforcement of new limitation on number of files may cause unsaved Command Log files to be deleted at startup.
0 Comments

C3414-500-S02K5_P5 FIRMWARE UPDATE

9/1/2021

0 Comments

 

The latest firmware is available for download on the Downloads tab above.

Fixes:
VxWorks: Vulnerability CVE-2020-28895 malloc/calloc fix. Applied Wind River patch to bring code libraries current to 6.9.4.12 RCPL3 revision. This corrects issues with overflow causing malloc/calloc to return valid pointer when it should return fail indication NULL pointer.

VxWorks: Vulnerabilities CVE-2020-25176, CVE-2020-25182, CVE-2020-25184, CVE-2020-25178, CVE-2020-25180. Provide a way for users to manually disable the comm path the ISaGRAF Workbench uses to communicate with the ISaGRAF Runtime in the RTU when not downloading new ISaGRAF RLL programs or debugging those programs. This prevents unauthorized access using this comm path.

GUI: Configuration – CPU: Additional network service checkbox provided to allow customer to enable the ISaGRAF ETCP task, which will open listening ports to connect with ISaGRAF workbench.

Configuration – CPU: Non-secure networking services Telnet and FTP are disabled by default. Customer must enable them to use them and therefore assumes risk of using them.

Command Log: Fix bug where command log fails to close Syslog socket on RTU side when it detects Syslog server has closed its end. Unclosed sockets could collect eventually to point where it affects system resources, causing RTU reset.

0 Comments

VxWorks Urgent/11 Update

10/3/2019

0 Comments

 
Update:  The SAGE Team is proud to announce the release of our latest firmware release for the SAGE RTU product family.  There are many important security enhancements, including this VxWorks Urgent/11 fix,  and exciting features included in this release.  For more details about the release, see our post here.

Schneider Electric is aware of recently disclosed vulnerabilities in Wind River’s VxWorks TCP/IP Stack. These vulnerabilities have wide-ranging impact across multiple IT and industrial applications. We are working closely with Wind River to understand and assess how these vulnerabilities impact Schneider Electric offers and our customers’ operations.
​
We downloaded Wind River’s patches as soon as they were made available to us, and we have quickly instituted a remediation plan to evolve all current and future products that rely on the Wind River platform to embed these fixes. We will continue to monitor and will respond further if new information becomes available.

In the meantime, customers should immediately make sure they have implemented cybersecurity best practices across their operations to protect themselves from these vulnerabilities. Where appropriate this includes locating your industrial systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; and preventing mission-critical systems and devices from being accessed from outside networks.

Please subscribe to the Schneider Electric security notification service to be informed of updates to this disclosure, including details on affected products and remediation plans, as well as other important security notifications:
https://www.schneider-electric.com/en/work/support/cybersecurity/security-notifications.jsp www.schneider-electric.com/en/work/support/cybersecurity/security-notifications.jsp
For additional information and support, please contact your Schneider Electric sales or service representative or Schneider Electric’s Customer Care Center. 


An update for our customers regarding the recently announced Urgent/11 VxWorks vulnerabilities.

We are aware of the vulnerabilities and working to include the patches for these vulnerabilities in our SAGE RTU operating system. We are committed to the security of your equipment and will release a patch as soon as possible. 

​These vulnerabilities are all related to the TCP/IP network stack.  If your RTU is not connected to one of the ethernet ports, which could possibly be accessed from a network, there is no additional risk associated to these devices.  Only network connected devices are affected by these vulnerabilities. Serial connections are not affected.  

These patches will be included in our next firmware release, C3414-500-S02K4, which will include this and other exciting features like RADIUS authentication, and some excellent improvements to our SEL Relay interoperability.  Keep an eye out for the firmware release here.  

​If you have any questions, feel free to contact me.  

See the official announcement for all Schneider Electric products here.
https://www.schneider-electric.com/ww/en/download/document/SESB-2019-214-01
SESB-2019-214-01-Wind_River_VxWorks_Security_Bulletin.pdf
File Size: 259 kb
File Type: pdf
Download File

0 Comments

C3414-500-S02K4 Firmware Release

10/3/2019

0 Comments

 
The SAGE Team is proud to announce the release of our latest firmware release for the SAGE RTU product family.  There are many important security enhancements and exciting features included in this release. See below for more details. 
​The C3414-500-S02K4 firmware can be downloaded from our Downloads -> Firmware Tab or by clicking here.  

Firmware Highlights

  • ​​VxWorks Urgent/11 Ethernet Communications Vulnerability Fix - Click the link for more details.
  • RADIUS Authentication - Security improvement which enables user authentication and authorization via an enterprise system.  This facilitates NERC CIP compliance for those of you with network access to your RTU's. See our Secure Software Users Guide for instructions on configuration and usage.
  • FTP Push Application - This application is designed to automatically push files to one or more servers to facilitate quick analysis of events generated by SEL relays connected to the RTU and from log files created by the RTU.  See our Config@web Applications Manual for more information. 
  • SEL Tunnel Enhancements - Users can now tunnel through the RTU to connected relays via the SEL 5030 Quickset software.  
  • Data Trap Enhancements - The Data Trap application now supports up to 5 simultaneous capture sessions.  These can be launched from the Applications Menu Block now. 
  • Syslog Client Enhancements - Logging of critical RTU information can be sent to an enterprise Syslog Server so the right person can be notified immediately. This includes all of the Command Log, System Log, and User Log entries. 
  • Annunciator Panel Enhancements - Annunciator and Alarming pages can be viewed without logging into the RTU. Now up to 60 (from 30) cells with up to 60 points per cell (from 16) can be configured.  Black background and Alarm Sound can be configured. 
  • DNP Protocol Fixes and enhancements. See Release Notes for details.
  • SEL Protocol Enhancements to improve compatibility with newer relay models. 
If you have any questions or comments, feel free to contact me or anyone on the SAGE team for more info.

C3414_Release_Notes_K4.pdf
File Size: 448 kb
File Type: pdf
Download File

0 Comments

Chinese Suppliers Questions

8/6/2019

0 Comments

 
​On July 16th, 2019 the North American Electric Reliability Corporation (NERC) issued a Recommendation to Industry addressing supply chain concerns regarding certain Chinese suppliers.  Use of products and services from these suppliers represents a tangible risk to the Bulk Electric System.
 
NERC has required many of our customers to respond regarding the status of our activities in relation to NERC's recommendation.  This post serves to provide the status of SAGE RTU's regarding these suppliers.
  • Huawei Technologies Company
  • ZTE Corporation
  • Hytera Communications Corporation
  • Hangzhou Hikvision Digital Technology Company
  • Dahua Technology Company
  • DJI (Da-Jiang Innovations)
  • Zero Tech
  • Yuneec
  • Autel

No components in our SAGE RTU's are sourced from any of the companies in the list above or the attached PDF.  This includes our RTU baseboards, I/O Expansion PCB's, the C3414 CPU, and any PC104 Expansion boards.  
​
Please contact us if you have any follow up questions regarding our products.  
0 Comments

Get SAGE Security Updates & News in your Email

3/4/2019

0 Comments

 

Fast and Easy Steps below.

All of the posts from this page will show up in your Outlook client, including our Monthly Cybersecurity Updates, Product Announcements, and other News.  

1. From your Outlook Inbox, Right Click on RSS Subscriptions -> Add A New RSS Feed.
2. Paste this URL into the box to subscribe to this feed. 
https://www.sage-rtu.com/1/feed
Picture
Picture

3. (Optional) Add the RSS Feed to your Favorites for quick access. 
Picture
0 Comments

New Firmware Release - C3414-500-S02K3

1/28/2019

0 Comments

 

C3414-500-S02K3 Firmware Available for Download

The new firmware can be downloaded on the Downloads section of this website.  
​For use with the red C3414 (LX-800) CPU. Will not work with previous CPU hardware versions.  
Enhancements:
  • FTP Push Application:  New application which allows SEL History, Event, and Sequential Event Recorder reports to be retrieved from SEL relays and pushed to central repositories for quick analysis.
  • Annunciator Panel:  Increased number of points per cell from 16 to 60.  Also increased the number of cells from 30 to 60.
  • Data Trap Application:  Data Trap now supports up to 5 simultaneous protocol capture sessions and launched from the Applications Menu block.  
  • DNPR Protocol:  Now sets local forced flag in health byte (in variations that send flags) when points are forced on the GUI.
Fixes:
  • SEL Protocol: Update to autoconfigure to support new relay models and HIS, EVE, and SER report retrieval.
  • Force Data:  Fix analog calculation bug preventing some analog events from being detected.
C3414_Release_Notes_K3.pdf
File Size: 504 kb
File Type: pdf
Download File

0 Comments

SAGE RTU's Shipping with Secure Firmware

7/12/2018

0 Comments

 

Starting January 2018, the Secure Firmware will ship with every SAGE RTU.

That’s a good thing. The Secure Firmware includes everything from the legacy firmware with lots of improvements.
Download the Secure Firmware Announcement here.

0 Comments

    Categories

    All
    Bulletins
    Security Updates

    Archives

    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    November 2020
    October 2020
    August 2020
    July 2020
    June 2020
    April 2020
    March 2020
    February 2020
    January 2020
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    August 2018
    July 2018
    June 2018
    May 2018

    RSS Feed

Services

RTU System Consulting
Project Management
Design and Install
NERC/CIP Security Support
Complete RTU SUpport
RIG for ISO

​

Company

About
​
​

Support

Contact
​
© COPYRIGHT 2018. ALL RIGHTS RESERVED.
  • Home
  • Products
  • Downloads
  • Support
    • Contacts
    • Services
  • Brochures
  • Updates
  • About