Now Meltdown patches are making industrial control systems lurch

Automation and SCADA-flingers admit fix has affected products

By John Leyden

Posted in Security, 15th January 2018 18:07 GMT

Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.

SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.

Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). "In fairness [this] may be RPC [Remote Procedure Call] change related," said cybersecurity vulnerability manager Kevin Beaumont.

El Reg requested clarification from Rockwell but we're yet to hear back from the vendor.

The expected and well-publicised system slowdown issues from Meltdown and Spectre patches (Reg reports here, here and here) have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.

An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.

Beaumont is curating a list of issues with Meltdown security patches here.

Moritz Lipp of Graz Technical University, a security researchers credited in the discovery of both Meltdown and Spectre, praised the vendor response during the disclosure period.

"I think the response of the vendors to us was very professional during the responsible-disclosure process," Lipp told El Reg.

"Also the public response of ARM releasing a list of all vulnerable CPUs was very open as well with ideas and approaches on how to fix these issues. Apple also said that all [its] devices ([except] the watch I think) are affected and release updates for [its] devices."

Browser vendors are now implementing countermeasures that should "decrease the possibility to mount Spectre attacks within the browser successfully to zero," Lipp added.

Spectre will be more difficult to resolve than Meltdown but that too is in hand, according to Lipp.

"We will see what microcode updates can actually do to resolve Spectre attacks; the ideas are there and updates are rolled out for various CPUs," he said. "Software is recompiled with tailored compilers and in the end we will see how performance benchmarks will look, but yes, Spectre is much harder to fix than Meltdown.

"In the long run, processor designs will be adjusted to prevent such attacks with a low(er) performance overhead." ®

Sign up to our NewsletterGet IT in your inbox daily

25 Comments

More from The Register

Azure VMs borked following Meltdown patch, er, meltdown

No ETA yet for West Europe machines

Meltdown-and-Spectre-detector comes to Windows Analytics

After flubbing its early responses, Microsoft's thrown sysadmins a bone

Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds

CPU utilization up, throughput down, but a second fix may have restored normal service

IBM melts down fixing Meltdown as processes and patches stutter

RHEL servers croaking, reporting in Excel, customer docs in signoff limbo

VMware sticks finger in Meltdown/Spectre dike for virtual appliances

Proper patches under way, but for now - to your command lines, vAdmins!

Industrial systems scrambling to catch up with Meltdown, Spectre

Some confessions, but 'watch this space' is the more common reaction - when there is one

Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery

For now, have some code that won't crash Skylakes and stay close to your Telescreens

More stuff broken amid Microsoft's efforts to fix Meltdown/Spectre vulns

This is going to take a while

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Customers say PCs and servers reboot a lot after fixes. Meanwhile, AMD admits to Spectre problems

Hands up who HASN'T sued Intel over Spectre, Meltdown chip flaws

Chipzilla says class-action lawsuit tally stands at 32