Technical FAQs

Ask a Question

Is StruxureWare Data Center Expert (DCE) vulnerable to the crime vulnerability. (CVE-2012-4929)

Issue:

Crime vulnerability CVE-2012-4929 and StruxureWare Data Center Expert.

Product Line:

StruxureWare Data Center Expert

Environment:

Any Version 7.x

Cause:

The "Crime" vulnerability ia a man in the middle attack using SSL. Some versions of openssl are vulnerable.

Resolution:

The version of openssl containing the fix for CVE-2012-4929 was included in StruxureWare DCE 7.2.4. Earlier versions of DCE may be vulnerable. Schneider Electric recommends upgrading to the latest version of DCE.
 
Was this helpful?
What can we do to improve the information ?