Feeds

Schneider Electric asks users to patch Heartbleed again

We'd have gotten away with it if it weren't for those meddling kids and their plug-ins

Top 5 reasons to deploy VMware with Tegile

Industrial controller vendor Schneider Electric has found that while its own kit wasn't affected by the Heartbleed OpenSSL bug, there are some third party components that need work.

In an advisory published here (PDF), the company says a third-party software component, Tableau from Wonderware, could re-introduce a Heartbleed vulnerability into its systems.

It affects “Tableau Server, versions 8.0.6 through 8.0.9 or 8.1.0 through 8.1.5. This software is provided as a component of our Wonderware Intelligence and Avantis.DSS products”, the advisory states. “Any installations that did not apply the available Tableau Server updates from Wonderware Development Network (WDN) would not be impacted by HeartBleed vulnerability”

Tableau is an analytical data visualisation suite. The vulnerable server component has now been upgraded by Tableau Software, but users that applied a recent update from Schneider may have reverted to an older version of the server.

The company continues to review its own products, and says that “no evidence of the vulnerable versions of OpenSSL were identified”.

Schneider's advisory also says the version of McAfee ePO (the policy orchestrator) that ships with its Invensys control systems is vulnerable. McAfee released patches for its vulnerable products in April. ®

Internet Security Threat Report 2014

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.