Is StruxureWare Data Center Expert (DCE) vulnerable to the crime vulnerability. (CVE-2012-4929)
Issue:
Crime vulnerability CVE-2012-4929 and StruxureWare Data Center Expert.
Product Line:
StruxureWare Data Center Expert
Environment:
Any Version 7.x
Cause:
The "Crime" vulnerability ia a man in the middle attack using SSL. Some versions of openssl are vulnerable.
Resolution:
The version of openssl containing the fix for CVE-2012-4929 was included in StruxureWare DCE 7.2.4. Earlier versions of DCE may be vulnerable. Schneider Electric recommends upgrading to the latest version of DCE.