Heartbleed : No Effect on NovaTech Automation Products

PUBLISHED ON Apr 23, 2014

Heartbleed is a security bug in an OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This recent and much publicized vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.

NovaTech Automation OrionLX, OrionLXm, Orion5rL, Distributed Digital and Combination I/O (DDIO and DCIO) have never used a version of OpenSSL that is open to this vulnerability (CVE-2014-0160).  NovaTech Automation Orion5r and Orion5 products are not open to this vulnerability since they do not utilize OpenSSL.

Bitronics Meters and Event Recorders don’t use TLS or SSL protocols so vulnerabilities specific to the OpenSSL implementation don’t apply.

Therefore no action is required regarding NovaTech Automation products; this bulletin is for informational purposes only.