"Meltdown&Spectre" Security Vulnerabilities

Meltdown Spectre en

15.01.2018 - Informationen to "Meltdown/Spectre" Vulnerabilities

You may have heard recently from relevant media about the publicized security vulnerabilities (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754) which are caused by speculative out-of-order program executions of modern processors of various manufacturers.

These vulnerabilities can only be exploited if malicious software is executed locally on the affected PC. External attacks are not directly possible through these vulnerabilities. In any case, only unauthorized read access to RAM memory is possible, no write access is realizable.
As an action against these problems Microsoft has provided security updates and also the manufacturers of web browsers have published appropriate updates.

Based on the information available, our software was tested and no negative impact was found in atvise® scada.

In detail, this means:
• The execution of foreign code in the scripting engine of atvise® scada is not possible and therefore unwanted data can’t be read by third parties.
• The Microsoft security update does not have any negative impact on stability and performance.
• The tests found that some manufacturers of OPC COM servers have problems with the updates provided. These problems are not due to atvise® scada and we recommend to contact the manufacturer of the corresponding server before an update.

Certec will continue to monitor these issues and recommends that its customers take the necessary measures suggested by the vendors of browsers and operating systems on their systems.