Siemens has reported to ICS-CERT a list of products affected by the Heartbleed OpenSSL vulnerability, and the company has produced an update and a security advisory that mitigates this vulnerability in each of the affected products listed below:
Researcher John Leitch, working with HP’s Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks’ CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability. This vulnerability could be exploited remotely.
AFFECTED PRODUCTS
The following CSWorks software versions are affected:
CSWorks Version 2.5.5050.0 and prior.
Schneider Electric Wonderware’s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.
AFFECTED PRODUCTS
On April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits (SDKs) for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However if HTTPS is used, Unified Automation recommends replacing the OpenSSL library with a current version (1.01.g or later) to mitigate this vulnerability.
This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.
This update to ICS-ALERT 14-099-01E covers affected products and impacts of the OpenSSL vulnerability and provides background details, a vulnerability characterization. It also provides information on mitigation, OpenSSL scanning in ICS environments, detection signatures and use of specialized search engines.
In July 2012, the EPA released a Cyber Security 101 document for water utilities that provides a quick overview of the key features of any active and effective cyber security program. The document addresses potential types of cyber attacks on water systems, how cyber attacks can affect water systems, and basic recommendations for preventing cyber attacks.
This guide, produced by the Centre for the Protection of National Infrastructure and the U.S. Department of Homeland Security's National Cyber Security Division - Control Systems Security Program, aims to assists asset owners to maximise the return on their investment when commissioning assessments of their industrial control systems (ICS).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
