Is StruxureWare Data Center Expert (DCE) vulnerable to the crime vulnerability. (CVE-2012-4929)

Issue:

Crime vulnerability CVE-2012-4929 and StruxureWare Data Center Expert.

Product Line:

StruxureWare Data Center Expert

Environment:

Any Version 7.x

Cause:

The "Crime" vulnerability ia a man in the middle attack using SSL. Some versions of openssl are vulnerable.

Resolution:

The version of openssl containing the fix for CVE-2012-4929 was included in StruxureWare DCE 7.2.4. Earlier versions of DCE may be vulnerable. Schneider Electric recommends upgrading to the latest version of DCE.