Now Meltdown patches are making industrial control systems lurch

Automation and SCADA-flingers admit fix has affected products

By John Leyden


Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.

SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.

Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). "In fairness [this] may be RPC [Remote Procedure Call] change related," said cybersecurity vulnerability manager Kevin Beaumont.

El Reg requested clarification from Rockwell but we're yet to hear back from the vendor.

The expected and well-publicised system slowdown issues from Meltdown and Spectre patches have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.

An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.

Beaumont is curating a list of issues with Meltdown security patches.

Moritz Lipp of Graz Technical University, a security researcher credited with the discovery of both Meltdown and Spectre, praised the vendor response during the disclosure period.

"I think the response of the vendors to us was very professional during the responsible-disclosure process," Lipp told El Reg.

"Also the public response of ARM releasing a list of all vulnerable CPUs was very open as well with ideas and approaches on how to fix these issues. Apple also said that all [its] devices ([except] the watch I think) are affected and release updates for [its] devices."

Browser vendors are now implementing countermeasures that should "decrease the possibility to mount Spectre attacks within the browser successfully to zero," Lipp added.

Spectre will be more difficult to resolve than Meltdown but that too is in hand, according to Lipp.

"We will see what microcode updates can actually do to resolve Spectre attacks; the ideas are there and updates are rolled out for various CPUs," he said. "Software is recompiled with tailored compilers and in the end we will see how performance benchmarks will look, but yes, Spectre is much harder to fix than Meltdown.

"In the long run, processor designs will be adjusted to prevent such attacks with a low(er) performance overhead." ®
