http://www.nextgov.com/cybersecurity/2014/05/heartbleed-superbug-found-utility-monitoring-systems/84637/
By Aliya Sternstein
NextGov.com
May 16, 2014
Software that monitors utility plants and other operations at several
military installations has been found to be affected by the recently
discovered superbug Heartbleed, when configured a certain way, according
to the Homeland Security Department and the software’s manufacturer.
"The latest release of Schneider Electric Wonderware Intelligence Version
1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users
have been known to reinstall Tableau Server, the vulnerable third-party
component that is affected. Therefore, Schneider Electric Wonderware has
issued a patch and a security bulletin addressing this vulnerability in
all versions," states a bulletin from the DHS Cyber Emergency Response
Team.
Exploits made by hackers "that target this vulnerability are known to be
publicly available" on the Web, DHS said. Heartbleed is a defect in common
Web encryption software that researchers discovered in early April.
Wonderware servers, made by Schneider Electric, collect and analyze plant
performance data through the Web. The company’s cyber team identified the
bug in the third-party component.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
