The dangerous Heartbleed bug hasn't been squashed quite yet. If you aren't familiar with my instructions for protecting your computer against Heartbleed, you can take a look at my overview.
It seems that someone forgot about industrial computing when Heartbleed was initially patched. The Industrial Control Systems Cyber Emergency Response Team warned factories and industrial control system administrators that some systems might be vulnerable to Heartbleed.
The exploit opens these massive systems up for intrusion.
The vulnerabilities identified could impact authenticity, integrity, and availability of affected devices. The man-in-the-middle attack could allow an attacker to hijack a session between an authorized user and the device. The other vulnerabilities reported could impact the availability of the device by causing the web server of the product to crash.
That means the exploit could be used against chemical processing plants and water treatment facilities, which would affect you and me daily.
Heartbleed is terrifying enough when it's your files at risk. Imagine having to shut down your business for a day because a hacker infiltrated your control system.
Business owners who use systems like these should be sure to go over the list of vulnerable systems as soon as possible:
- APE versions prior to Version 2.0.2 (only affected if SSL/TLS component or Crossbow is used)
- CP1543-1: all versions
- ROX 1: all versions (only affected if Crossbow is installed)
- ROX 2: all versions (only affected if eLAN or Crossbow is installed)
- S7-1500: all versions
- WinCC OA (PVSS): Version 3.8 – 3.12
Hopefully this is the last we'll hear of the Heartbleed vulnerability. You'll be the first to know if this cyberthreat rears its ugly head again.