Now Meltdown patches are making industrial control systems lurch
Automation and SCADA-flingers admit fix has affected products
Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.
SCADA vendor Wonderware admitted that Redmond's Meltdown patch made its Historian product wobble. "Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," an advisory on Wonderware's support site explains.
Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). "In fairness [this] may be RPC [Remote Procedure Call] change related," said cybersecurity vulnerability manager Kevin Beaumont.
El Reg requested clarification from Rockwell but we're yet to hear back from the vendor.
The expected and well-publicised system slowdown issues from Meltdown and Spectre patches (Reg reports here, here and here) have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.
An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.
Beaumont is curating a list of issues with Meltdown security patches here.
Moritz Lipp of Graz Technical University, a security researchers credited in the discovery of both Meltdown and Spectre, praised the vendor response during the disclosure period.
"I think the response of the vendors to us was very professional during the responsible-disclosure process," Lipp told El Reg.
"Also the public response of ARM releasing a list of all vulnerable CPUs was very open as well with ideas and approaches on how to fix these issues. Apple also said that all [its] devices ([except] the watch I think) are affected and release updates for [its] devices."
Browser vendors are now implementing countermeasures that should "decrease the possibility to mount Spectre attacks within the browser successfully to zero," Lipp added.
Spectre will be more difficult to resolve than Meltdown but that too is in hand, according to Lipp.
"We will see what microcode updates can actually do to resolve Spectre attacks; the ideas are there and updates are rolled out for various CPUs," he said. "Software is recompiled with tailored compilers and in the end we will see how performance benchmarks will look, but yes, Spectre is much harder to fix than Meltdown.
"In the long run, processor designs will be adjusted to prevent such attacks with a low(er) performance overhead." ®