Important Security Notification
Posted: June 11, 2012
Thank you very much for your continuous use of Pro-face products.
As you are aware, cyber security is changing the business climate for control systems. Digital Electronics has become aware of cyber security vulnerabilities in Pro-Server EX and WinGP on PC for HMI GP series. The vulnerabilities can be exposed in the event of a targeted cyber-attack. An attacker would use a masqueraded node that would use a specially crafted packet sent to Pro-Server EX.
We take these issues seriously and have created the following workaround and solution.
Products and Versions Affected
Product model: | EX-SDV-V1*, PFXEXSDVV13 |
---|---|
Applicable version: | Pro-Server EX Ver. 1.00.00 to Ver. 1.30.000 |
How to check the version: | [Help (H)] → [About this program (A)] |
Product model: | EX-WINGP-IPC, EX-WINGP-PCAT |
---|---|
Applicable version: | WinGP Ver. 2.00.000 to Ver. 3.01.100 |
How to check the version: | [Help (H)] → [About this program (A)] |
Workaround and Solution
The following modules are released.
-> GP-Pro EX (Ver. 3.01.102 or later) Update Module
-> Pro-Server EX Ver. 1.30.100 Update Module
-> WinGP Ver. 3.01.102 Installer
* To download the module, free member registration to our Techical Resources website is required. Click here to register.
Mitigation
- Review all network configurations for control system devices.
- Remove unnecessary PC(s) from control system networks
- Remove unnecessary applications from control system networks - Minimize network exposure for all control system devices. Control system devices should not have a direct connection to the Internet
- Locate control system networks and devices behind firewalls. Isolate the control system from the business network.
- When remote access to a control system is required, employ secure methods, such as Virtual Private Networks (VPNs). However, our customers must recognize that a VPN is only as secure as the connected devices.
Inquiry
If you have any inquiries, please contact our sales office in your region.
For contact information, please refer to the "Contact Us" page.