Schneider Electric is committed to ensuring that our customers and employees are kept current on issues that might affect or improve product, system or process operation. We are dedicated to providing product and application reliability, and exceptional client service.
Customer Advisories are intended to inform you of the possibility of a situation occurring at system installations, and the identified resolution. Schneider Electric recommends that our customers consider taking action to help prevent occurrence of the identified situation during your production process.
Potential Security Vulnerability:
It is recognized that the global threat environment is constantly changing and we are committed to helping our customers protect the security of their installations. We have reviewed the issue described in this Customer Advisory and determined that, if no action is taken, there is potential security vulnerability that could allow an attacker to compromise the integrity, availability, or confidentiality of a product. We strongly advise customers to take note of the actions recommended, to test such actions or patches on non-production systems as able, prior to deployment into production environments. This approach is recommended in order to minimize risk and exposure to announced vulnerabilities.
This advisory applies to all Foxboro Evo™ Process Automation System and I/A Series® MESH Control Network users.
On June 2, 2016 , Homeland Security releasedVulnerability Note VU#321640"NTP.org ntpd is vulnerable to denial of service and other vulnerabilities" Further details can be found within the vulnerability note. The base CVSSvalue assigned to this vulnerability is 7.8.
This NTP software is used in Schneider Electric Foxboro Evo control networks. There are no known exploits of this vulnerability on Foxboro Evo systems at this time.
Schneider Electric has issued a Quick Fix (QF1311987) to incorporate the latest version of ntpd 4.2.8p8 for the following platforms:
For customers using older versions of I/A Series System software, we recommend updating your system to one of the versions listed above and applying the QF at your earliest convenience. In the interim, to mitigate this NTP vulnerability:
|GCS Center||America's GCS||Asia Pacific GCS||EMEA GCS|
|Location||Foxboro MA USA||Shanghai||Baarn NL|
|Phone||+1-866-746-6477||+86 21 37180086||+31-3554-84125|
|Fax||+1-508-549-4999||+86 21 37180196||+31-3554-84230|
|America's GCS||Asia Pacific GCS||EMEA GCS|
Global Customer Support
Distribution to Schneider Electric Customers and Internal Personnel Only
DO NOT REPRODUCE.
All trademarks are registered to their respective owners.
All brand names are property of their respective owners.
Advisory #: 2016036BI
©Schneider Electric. All rights reserved