Heartbleed : No Effect on NovaTech Automation Products
PUBLISHED ON Apr 23, 2014
Heartbleed is a security bug in an OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This recent and much publicized vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.
NovaTech Automation OrionLX, OrionLXm, Orion5rL, Distributed Digital and Combination I/O (DDIO and DCIO) have never used a version of OpenSSL that is open to this vulnerability (CVE-2014-0160). NovaTech Automation Orion5r and Orion5 products are not open to this vulnerability since they do not utilize OpenSSL.
Bitronics Meters and Event Recorders don’t use TLS or SSL protocols so vulnerabilities specific to the OpenSSL implementation don’t apply.
The D/3 system software (including FlexBatch, Paperless Procedures, and other layered applications) does not use OpenSSL therefore it is not affected by Heartbleed. The only true web component we have in our system is D3Express and it uses Microsoft IIS of which the encryption component (called Secure Channel) is not susceptible to the Heartbleed vulnerability.
Therefore no action is required regarding NovaTech Automation products; this bulletin is for informational purposes only.
Feb 24, 2014
Online Ethernet Configuration
Adding a new 8000 Series I/O drop or adding modules to an existing rack? Want to communicate with a new PLC in the plant or expand the amount of data transferred between the D/3 and a PLC? With changes made in v14.1, it is no longer necessary to...
Feb 19, 2014
NovaTech Automation Process Analytics
Let’s face it, we’d all like to have a better understanding of our enterprise and where we’re losing potential profits. In today’s economic environment, we’re all challenged to produce more with less. Therefore, the ability to measure, analyze,...