SAE IT-systems
Im Gewerbegebiet Pesch 14 50767 Köln, Deutschland
0221 598080 0221 5980860 DE812996839 Dipl.-Ing Joachim Schuster

Safety notifications

Heartbleed bug in OpenSSL

Our systems are NOT affected!

Diverse media report a serious leak in the software OpenSSL; the leak is known as "heartbleed" .
OpenSSL is a popular software for encryption of data and communication.

We as well use OpenSSL as serices in https, FTPs and IPsec for VPN tunneling.
The embedded release in our systems is NOT affected.

The encryption with OpenSSL is offered starting with release setIT V4.008.001 to comply with the need of secured IT according to BDEW whitepaper e.g..  The services may be activated to secure the communication and data links inbetween RTU and central control stations or diagnostics with a web-server. Plants using elder releases do not use OpenSSL and therefore are not affected.

Anyway, installations may be vulnerable, if external components such as router and GPRS-modems are installed, using OpenSSL release 1.0.1 to 1.0.1f. We currently collect the information and promise to inform you spontaneously, if any vulnerability may be detected.

Dr. Neuhaus reports, the models TAINY-EMOD and TAINY-HMOD series are NOT affected.

The newest information from Lucom: Modems of type ER75i are not affected.

LANCOM Router as well are NOT affected LANCOM announces:
LCOS uses the encryption algorithm of OpenSSL library but does not carry the Heartbleed-bug since the the functionality of TLS-stacks is done by an own development of LANCOM Systems.

Astaro/sophos Router of the new releases may be affected, if release UTM 9.1 or 9.2 is installed.
At our point of view, none of the installed routers in our projects carries this releases.

A brandnew post announces an update by sophos:
UTM Version 9.111-17 available now, Fix: OpenSSL vulnerability: TLS heartbeat read overrun (CVE-2014-0160)

 

The leak is officially known as "CVE-2014-0160". More information my be found in :

heartbleed.com

http://www.heise.de/newsticker/meldung/Der-GAU-fuer-Verschluesselung-im-Web-Horror-Bug-in-OpenSSL-2165517.html

https://www.openssl.org/news/secadv_20140407.txt

http://nakedsecurity.sophos.com/2014/04/08/anatomy-of-a-data-leak-bug-openssl-heartbleed/

Picture credits:© heartbleed.com© Jürgen Fälchle - fotolia.com

Images

Kontakt

SAE IT-systems GmbH & Co. KG
Im Gewerbegebiet Pesch 14
50767 Cologne, Germany

Phone: +49 221 / 59 808-0
Fax: +49 221 / 59 808-60
E-Mail: info( at )sae-it.de

Hotline
Do you have technical problems?
Don't hesitate to contact us!

Phone: +49 221 / 59 808-55
E-Mail: service( at )sae-it.de

Contact Form

May we help you?
Do you have a question, like to get further information or just speak your mind?
*=mandatory

Repair application
If you want to report a faulty or damaged component, please use our repair application.

If you have questions, please contact our Repair and Service department: +49 221/59808-55

Top