Is StruxureWare Data Center Expert (DCE) vulnerable to the crime vulnerability. (CVE-2012-4929)
Crime vulnerability CVE-2012-4929 and StruxureWare Data Center Expert.
StruxureWare Data Center Expert
Any Version 7.x
The "Crime" vulnerability ia a man in the middle attack using SSL. Some versions of openssl are vulnerable.
The version of openssl containing the fix for CVE-2012-4929 was included in StruxureWare DCE 7.2.4. Earlier versions of DCE may be vulnerable. Schneider Electric recommends upgrading to the latest version of DCE.