Security

Fresh Meltdown-Spectre warning as factory systems hit by post-patch glitches

Errors have been reported in industrial systems produced by major manufacturers, including ABB, Siemens and Rockwell, after installing Meltdown and Spectre updates.

Firms that run industrial equipment have been warned that installing patches for the Meltdown and Spectre CPU flaws may make systems unstable.

Spectre and Meltdown are design flaws in modern processors that could allow hackers to bypass system protections on a wide range of devices, allowing attackers to read sensitive information, such as passwords, from memory.

Errors have been reported in industrial systems produced by major manufacturers, including ABB, Siemens and Rockwell, after installing Meltdown and Spectre updates.

Rockwell Automation identified a dozen errors that occured in its FactoryTalk-based products after Microsoft's patches for the flaws were applied.

Among the reported errors were difficulties logging on to Rockwell's security server and issues with the FactoryTalk admin console.

SEE: Incident response policy (Tech Pro Research)

"Rockwell Automation is aware of anomalies in FactoryTalk-based software products that were introduced by the application of some of these updates. Some of the affected products include Studio 5000, FactoryTalk View SE, and RSLinx Classic," said Rockwell.

"Rockwell Automation is currently working with Microsoft to resolve these anomalies, and more information will be posted here when available."

Rockwell E1000, E2000 and E3000 Industrial Data Center are vulnerable to the attacks exploiting the Spectre and Meltdown flaws.

Microsoft's patches have also caused stability issues with some Siemens systems.

"Siemens is aware that some updates can result in compatibility, performance or stability issues on certain products and operating systems. Operating system vendors, such as Microsoft, are still working to address these compatibility issues with their updates. Siemens will therefore continue to evaluate the applicability of those updates," the firm said.

Other post-patch problems were reported by SCADA/ICS software vendor Wonderware, part of Schneider Electric, whose UK subsidiary warned customers running its Historian software not to install Microsoft's patch.

"Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC," Wonderware said.

"Customers running the Wonderware Historian software SHOULD NOT apply the Microsoft patch. Issues have been found with the Historian System Driver. See tech Alert 287 (attached) or here: https://softwaresupportsp.schneider-electric.com/Pages/OKMArticleResult.aspx?docId=TA287 (customer account required) for more information."

While tech firms have been preparing updates to mitigate the Spectre and Meltdown flaws for months, details of the vulnerabilities leaked out early.

In the rush to issue patches there have been various instances of Spectre and Meltdown updates causing problems of their own.

Microsoft recently said that Windows PCs won't receive any further security updates until third-party AV software is verified as compatible with Windows patches for Spectre and Meltdown.

Last week Intel admitted that PCs and servers with older, Broadwell and Haswell era, processors were experiencing unexpected reboots after applying firmware updates designed to address Meltdown and Spectre. And chipmaker AMD has been working with Microsoft to resolve problems after patches caused PCs running on some older AMD Opteron, Athlon and AMD Turion X2 Ultra processors to refuse to boot.

meltdown-spectre-header.png

Also see

About Nick Heath

Nick Heath is chief reporter for TechRepublic. He writes about the technology that IT decision makers need to know about, and the latest happenings in the European tech scene.

Editor's Picks

Free Newsletters, In your Inbox