Heartbleed : No Effect on NovaTech Automation Products
PUBLISHED ON Apr 23, 2014
Heartbleed is a security bug in an OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This recent and much publicized vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.
NovaTech Automation OrionLX, OrionLXm, Orion5rL, Distributed Digital and Combination I/O (DDIO and DCIO) have never used a version of OpenSSL that is open to this vulnerability (CVE-2014-0160). NovaTech Automation Orion5r and Orion5 products are not open to this vulnerability since they do not utilize OpenSSL.
Bitronics Meters and Event Recorders don’t use TLS or SSL protocols so vulnerabilities specific to the OpenSSL implementation don’t apply.
The D/3 system software (including FlexBatch, Paperless Procedures, and other layered applications) does not use OpenSSL therefore it is not affected by Heartbleed. The only true web component we have in our system is D3Express and it uses Microsoft IIS of which the encryption component (called Secure Channel) is not susceptible to the Heartbleed vulnerability.
Therefore no action is required regarding NovaTech Automation products; this bulletin is for informational purposes only.
Feb 24, 2014
Online Ethernet Configuration
Adding a new 8000 Series I/O drop or adding modules to an existing rack? Want to communicate with a new PLC in the plant or expand the amount of data transferred between the D/3 and a PLC? With changes made in v14.1, it is no longer necessary to...
Feb 24, 2014
D/3 Version 14.1 Software Update
The upcoming D/3® Maintenance Release, V14.1-2, incorporates all known patches to the system software from our last release and adds the following functionality: P1, P2, and P3 alarm integration into ProcessVision™ D/3 Keyboard horn and contacts...