|
Summary of security related changes for November 2021. Security Enhancement Summary: K5_P6 Update – 5-Nov-2021: NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412). Operating System Must update OPERATING SYSTEM to use this update! NOTE: Due to California 2020 cyber-security regulations, users must immediately change the user access account from the default using the Sage User Manager tool. The user account file named “Schneider_Electric_1_USERS.tar.gz” located in the “FW_Update/Secure/updateGen” directory, only has up/download permission to enforce this policy, is delivered on new RTUs and installed when using the Initial Installer to convert a G3_P6 or earlier revision. The user account file named “Schneider_Electric_2.tar.gz”, located in the same path, has the old default “Admin” credentials. Use this user account file at your own risk. Security Fix Summary: K5_P6 Update – 5-Nov-2021: NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412). Operating System Must update OPERATING SYSTEM to use this update! Fixes: þ Command Log: Fix issue with large number of old command log files causing CPU performance to degrade on startup as command log filenames get cataloged and listed into download menu. Very disk intensive process caused slowdown in GUI performance and configuration downloads. New limit imposed on number of command log files 744 files - 31 days of command log files created once per hour (24 * 31) - is enforced at startup. NOTE: Download any unsaved Command Log files prior to this update. Automatic enforcement of new limitation on number of files may cause unsaved Command Log files to be deleted at startup. 
0 Comments
Firmware available for download on downloads tab above.
K5_P6 Update – 5-Nov-2021: NOTE: For use with “LX-800” CPU (C3414) ONLY. Will not work with 5X86 (C3413) or 486 and disk on chip configuration (C3412). Operating System Must update OPERATING SYSTEM to use this update! NOTE: Due to California 2020 cyber-security regulations, users must immediately change the user access account from the default using the Sage User Manager tool. The user account file named “Schneider_Electric_1_USERS.tar.gz” located in the “FW_Update/Secure/updateGen” directory, only has up/download permission to enforce this policy, is delivered on new RTUs and installed when using the Initial Installer to convert a G3_P6 or earlier revision. The user account file named “Schneider_Electric_2.tar.gz”, located in the same path, has the old default “Admin” credentials. Use this user account file at your own risk. Fixes: Command Log: Fix issue with large number of old command log files causing CPU performance to degrade on startup as command log filenames get cataloged and listed into download menu. Very disk intensive process caused slowdown in GUI performance and configuration downloads. New limit imposed on number of command log files 744 files - 31 days of command log files created once per hour (24 * 31) - is enforced at startup. NOTE: Download any unsaved Command Log files prior to this update. Automatic enforcement of new limitation on number of files may cause unsaved Command Log files to be deleted at startup. Summary of security related changes for October 2021. Security Enhancement Summary: No security enhancements in firmware release(s). Security Fix Summary: No security fixes in firmware release(s).
Summary of security related changes for September 2021. Security Enhancement Summary: No security enhancements in firmware release(s). Security Fix Summary: No security fixes in firmware release(s).
Summary of security related changes for August 2021. Security Enhancement Summary: Firmware C3414-500-S02K5_P5 released with these enhancements: GUI: Configuration – CPU: Additional network service checkbox provided to allow customer to enable the ISaGRAF ETCP task, which will open listening ports to connect with ISaGRAF workbench. Configuration – CPU: Non-secure networking services Telnet and FTP are disabled by default. Customer must enable them to use them and therefore assumes risk of using them. Security Fix Summary: Firmware C3414-500-S02K5_P5 released to fix: VxWorks: Vulnerability CVE-2020-28895 malloc/calloc fix. Applied Wind River patch to bring code libraries current to 6.9.4.12 RCPL3 revision. This corrects issues with overflow causing malloc/calloc to return valid pointer when it should return fail indication NULL pointer. VxWorks: Vulnerabilities CVE-2020-25176, CVE-2020-25182, CVE-2020-25184, CVE-2020-25178, CVE-2020-25180. Provide a way for users to manually disable the comm path the ISaGRAF Workbench uses to communicate with the ISaGRAF Runtime in the RTU when not downloading new ISaGRAF RLL programs or debugging those programs. This prevents unauthorized access using this comm path. Command Log: Fix bug where command log fails to close Syslog socket on RTU side when it detects Syslog server has closed its end. Unclosed sockets could collect eventually to point where it affects system resources, causing RTU reset.
The latest firmware is available for download on the Downloads tab above.
Summary of security related changes for July 2021. |
|||||||||||||||||
| july_2021_security_update.pdf |
Summary of security related changes for June 2021.
Security Enhancement Summary:
No security enhancements in firmware release(s).
Security Fix Summary:
Vulnerability found if using ISaGRAF functionality. Fix to resolve vulnerability currently scheduled to release by August 2021. Mitigation instructions are as follows, note that if you are not using ISaGRAF functionality the default is to have all ports disabled and there is no vulnerability.
If you are using ISaGRAF RLL programs in the SAGE RTU, the ports will be open, and the firewall will be needed to block access to those ports. If the Firewall rules are employed, you can verify they are working by trying to connect to the RTU with the ISaGRAF development system. If the Firewall is implemented and working correctly, the ISaGRAF development system will fail to connect.
Firewall rules used to block access to TCP ports 1113 and 1131:
Security Enhancement Summary:
No security enhancements in firmware release(s).
Security Fix Summary:
Vulnerability found if using ISaGRAF functionality. Fix to resolve vulnerability currently scheduled to release by August 2021. Mitigation instructions are as follows, note that if you are not using ISaGRAF functionality the default is to have all ports disabled and there is no vulnerability.
If you are using ISaGRAF RLL programs in the SAGE RTU, the ports will be open, and the firewall will be needed to block access to those ports. If the Firewall rules are employed, you can verify they are working by trying to connect to the RTU with the ISaGRAF development system. If the Firewall is implemented and working correctly, the ISaGRAF development system will fail to connect.
Firewall rules used to block access to TCP ports 1113 and 1131:
| june_2021_security_update.pdf |
Summary of security related changes for May 2021.
Security Fix Summary:
No security fixes in firmware release(s).
Security Enhancement Summary:
No security enhancements in firmware release(s).
Security Fix Summary:
No security fixes in firmware release(s).
Security Enhancement Summary:
No security enhancements in firmware release(s).
| may_2021_security_update.pdf |
Summary of security related changes for April 2021.
Security Fix Summary:
No security fixes in firmware release(s).
Security Enhancement Summary:
No security enhancements in firmware release(s).
Security Fix Summary:
No security fixes in firmware release(s).
Security Enhancement Summary:
No security enhancements in firmware release(s).
| april_2021_security_update.pdf |
Categories
All
Bulletins
Security Updates
Archives
November 2021
October 2021
September 2021
July 2021
June 2021
April 2021
March 2021
February 2021
January 2021
November 2020
October 2020
August 2020
July 2020
June 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
August 2018
July 2018
June 2018
May 2018
RSS Feed