SAGE RTU'S
  • Home
  • Products
  • Downloads
  • Support
    • Contacts
    • Services
  • Brochures
  • Updates
  • About

Updates and News

Monthly Security Updates, Product News, and more

February 2022 security updates

3/1/2022

1 Comment

 
Summary of security related changes for February 2022.

​Vulnerability Update:
No firmware release this month.

Operational Update:
No firmware release this month.
 
Cybersecurity Update:
No firmware release this month.
february_2022_security_update.pdf
File Size: 723 kb
File Type: pdf
Download File

1 Comment

January 2022 SECURITY UPDATES

2/1/2022

2 Comments

 
Summary of security related changes for January 2022.

​Vulnerability Update:
No firmware release this month.

Operational Update:
No firmware release this month.
 
Cybersecurity Update:
No firmware release this month.
january_2022_security_update.pdf
File Size: 720 kb
File Type: pdf
Download File

2 Comments

December 2021 security updates

1/4/2022

0 Comments

 
Post Date: 1/4/2022
Summary of security related changes for December 2021.

​Vulnerability Update:
No firmware release this month.

Operational Update:

No firmware release this month.

Cybersecurity Update:

No firmware release this month.

december_2021_security_update.pdf
File Size: 722 kb
File Type: pdf
Download File

0 Comments

november 2021 security updates

12/1/2021

0 Comments

 
Summary of security related changes for November 2021.

​Security Enhancement Summary:
K5_P6 Update – 5-Nov-2021:
 
NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412).
Operating System
Must update OPERATING SYSTEM to use this update!
 
NOTE: Due to California 2020 cyber-security regulations, users must immediately change the user access account from the default using the Sage User Manager tool. The user account file named “Schneider_Electric_1_USERS.tar.gz” located in the “FW_Update/Secure/updateGen” directory, only has up/download permission to enforce this policy, is delivered on new RTUs and installed when using the Initial Installer to convert a G3_P6 or earlier revision. The user account file named “Schneider_Electric_2.tar.gz”, located in the same path, has the old default “Admin” credentials. Use this user account file at your own risk.



Security Fix Summary:
K5_P6 Update – 5-Nov-2021:
 
NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412).
Operating System
Must update OPERATING SYSTEM to use this update!
 
Fixes:
þ Command Log: Fix issue with large number of old command log files causing CPU performance to degrade on startup as command log filenames get cataloged and listed into download menu. Very disk intensive process caused slowdown in GUI performance and configuration downloads. New limit imposed on number of command log files 744 files - 31 days of command log files created once per hour (24 * 31) - is enforced at startup. NOTE: Download any unsaved Command Log files prior to this update. Automatic enforcement of new limitation on number of files may cause unsaved Command Log files to be deleted at startup. 
​
november_2021_security_update.pdf
File Size: 1069 kb
File Type: pdf
Download File

0 Comments

Firmware Release C3414-500-S02K5_P6

12/1/2021

0 Comments

 
Firmware available for download on downloads tab above.

K5_P6 Update – 5-Nov-2021:
NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412).
Operating System
Must update OPERATING SYSTEM to use this update!

NOTE: Due to California 2020 cyber-security regulations, users must immediately change the user access account from the default using the Sage User Manager tool. The user account file named “Schneider_Electric_1_USERS.tar.gz” located in the “FW_Update/Secure/updateGen” directory, only has up/download permission to enforce this policy, is delivered on new RTUs and installed when using the Initial Installer to convert a G3_P6 or earlier revision. The user account file named “Schneider_Electric_2.tar.gz”, located in the same path, has the old default “Admin” credentials. Use this user account file at your own risk.

​Fixes:
 Command Log: Fix issue with large number of old command log files causing CPU performance to degrade on startup as command log filenames get cataloged and listed into download menu. Very disk intensive process caused slowdown in GUI performance and configuration downloads. New limit imposed on number of command log files 744 files - 31 days of command log files created once per hour (24 * 31) - is enforced at startup. NOTE: Download any unsaved Command Log files prior to this update. Automatic enforcement of new limitation on number of files may cause unsaved Command Log files to be deleted at startup.
0 Comments

October 2021 Security Updates

11/1/2021

0 Comments

 
​Summary of security related changes for October 2021.

​Security Enhancement Summary:
No security enhancements in firmware release(s).

Security Fix Summary:
No security fixes in firmware release(s).
october_2021_security_update.pdf
File Size: 829 kb
File Type: pdf
Download File

0 Comments

September 2021 Security updates

10/1/2021

0 Comments

 
​Summary of security related changes for September 2021.

​Security Enhancement Summary:
No security enhancements in firmware release(s).

Security Fix Summary:
No security fixes in firmware release(s).
september_2021_security_update.pdf
File Size: 830 kb
File Type: pdf
Download File

0 Comments

AUGUST 2021 SECURITY UPDATES

9/1/2021

0 Comments

 
Summary of security related changes for August 2021.

​Security Enhancement Summary:
Firmware C3414-500-S02K5_P5 released with these enhancements:
GUI: Configuration – CPU: Additional network service checkbox provided to allow customer to enable the ISaGRAF ETCP task, which will open listening ports to connect with ISaGRAF workbench.

Configuration – CPU: Non-secure networking services Telnet and FTP are disabled by default. Customer must enable them to use them and therefore assumes risk of using them.

Security Fix Summary:
Firmware C3414-500-S02K5_P5 released to fix:
VxWorks: Vulnerability CVE-2020-28895 malloc/calloc fix. Applied Wind River patch to bring code libraries current to 6.9.4.12 RCPL3 revision. This corrects issues with overflow causing malloc/calloc to return valid pointer when it should return fail indication NULL pointer.

VxWorks: Vulnerabilities CVE-2020-25176, CVE-2020-25182, CVE-2020-25184, CVE-2020-25178, CVE-2020-25180. Provide a way for users to manually disable the comm path the ISaGRAF Workbench uses to communicate with the ISaGRAF Runtime in the RTU when not downloading new ISaGRAF RLL programs or debugging those programs. This prevents unauthorized access using this comm path.

Command Log: Fix bug where command log fails to close Syslog socket on RTU side when it detects Syslog server has closed its end. Unclosed sockets could collect eventually to point where it affects system resources, causing RTU reset.​
august_2021_security_update.pdf
File Size: 849 kb
File Type: pdf
Download File

0 Comments

C3414-500-S02K5_P5 FIRMWARE UPDATE

9/1/2021

0 Comments

 

The latest firmware is available for download on the Downloads tab above.

Fixes:
VxWorks: Vulnerability CVE-2020-28895 malloc/calloc fix. Applied Wind River patch to bring code libraries current to 6.9.4.12 RCPL3 revision. This corrects issues with overflow causing malloc/calloc to return valid pointer when it should return fail indication NULL pointer.

VxWorks: Vulnerabilities CVE-2020-25176, CVE-2020-25182, CVE-2020-25184, CVE-2020-25178, CVE-2020-25180. Provide a way for users to manually disable the comm path the ISaGRAF Workbench uses to communicate with the ISaGRAF Runtime in the RTU when not downloading new ISaGRAF RLL programs or debugging those programs. This prevents unauthorized access using this comm path.

GUI: Configuration – CPU: Additional network service checkbox provided to allow customer to enable the ISaGRAF ETCP task, which will open listening ports to connect with ISaGRAF workbench.

Configuration – CPU: Non-secure networking services Telnet and FTP are disabled by default. Customer must enable them to use them and therefore assumes risk of using them.

Command Log: Fix bug where command log fails to close Syslog socket on RTU side when it detects Syslog server has closed its end. Unclosed sockets could collect eventually to point where it affects system resources, causing RTU reset.

0 Comments

July 2021 Security update

7/30/2021

0 Comments

 

Summary of security related changes for July 2021.
Security Fix Summary:
No security fixes in firmware release(s).
 
Security Enhancement Summary:
No security enhancements in firmware release(s).

july_2021_security_update.pdf
File Size: 620 kb
File Type: pdf
Download File

0 Comments
<<Previous
Forward>>

    Categories

    All
    Bulletins
    Security Updates

    Archives

    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    November 2020
    October 2020
    August 2020
    July 2020
    June 2020
    April 2020
    March 2020
    February 2020
    January 2020
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    August 2018
    July 2018
    June 2018
    May 2018

    RSS Feed

Services

RTU System Consulting
Project Management
Design and Install
NERC/CIP Security Support
Complete RTU SUpport
RIG for ISO

​

Company

About
​
​

Support

Contact
​
© COPYRIGHT 2018. ALL RIGHTS RESERVED.
  • Home
  • Products
  • Downloads
  • Support
    • Contacts
    • Services
  • Brochures
  • Updates
  • About