Meltdown and Spectre Vulnerabilities

Latest update from Rockwell Automation as of February 6, 2018.

As of this writing, Rockwell Automation has evaluated many of their product families. Depending on the products’ architectures, effects of the Meltdown and Spectre vulnerabilities may significantly vary.  Below is more information on Rockwell Automation’s evaluation.

Rockwell Automation has concluded that the following Active or Active Mature products contain a microprocessor that is affected by the Meltdown and Spectre vulnerabilities. Please see Knowledgebase Article ID 1071234 for detailed information about which Rockwell Automation-qualified Microsoft patches to apply to your products based on the Windows Operating System in use. As BIOS updates become available, Rockwell Automation will continue to update this advisory. The products are as follows:

 Product Family  Affected Versions  Bul. #
 6181X Hazardous Location Computers  Series H, All Versions  Bul. 6181X
 6181P Integrated Display Computers  Series F, All Versions  Bul. 6181P
 6177R Non-Display Computers  Series C, All Versions  Bul. 6711R
 VersaView® 5400 Industrial Computers  Series A, All Versions  Bul. 6200P
 VersaView® 5200 ThinManager® Thin Clients  Series A, All Versions  Bul. 6200T

In addition, Rockwell Automation has also determined the following discontinued products are similarly affected.

 Product Family  Affected Versions  Bul. #
 6181X Hazardous Location Computers  Series E, F, G, All Versions  Bul. 6181X
 6181P Integrated Display Computers  Series A-E, All Versions  Bul. 6181P
 6177R Non-Display Computers (750R & 1450R)  Series A, B, All Versions  Bul. 6711R
 6155R/F Compact Non-Display Computers (200R)  All Versions  Bul. 6155R & Bul. 6155F
 6180P Integrated Display Computer with Keypad (1200P & 1500P)  All Versions  Bul. 6180P
 6180W VersaView Industrial Workstations (1200W & 1500W)  All Versions  Bul. 6180W
 6181F Integrated Display Computer (NDM, 1200P, 1500P, 1700P)  All Versions  Bul. 6181F
 6181H Integrated Display Computer (1500P)  All Versions  Bul. 6181H
 6183H Hazardous Location Computer (1200P)  All Versions  Bul. 6183H

 

GENERAL SECURITY GUIDELINES

For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.

Refer to Rockwell Automation’s Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.

Refer to the Industrial Security Services website for information on security services from Rockwell Automation to assess, protect, detect, respond and recover from incidents. These services include assessments, designs, implementations, industrial anomaly detection, patch management, and remote infrastructure monitoring and administration.

To stay informed of product security advisories, subscribe to updates on the Security Advisory Index for Rockwell Automation, located at Knowledgebase Article ID 54102 – Industrial Security Advisory Index.

Rockwell Automation has provided an email inbox dedicated to product security related questions: secure@ra.rockwell.com.

ADDITIONAL LINKS

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.