Introduction
Description
Version 1.8 - October 1, 2018
Version 1.7 - February 14, 2018
Version 1.6 - February 6, 2018
Version 1.5 - February 2, 2018
Version 1.4 - January 26, 2018
Version 1.3 - January 23, 2018
Version 1.2 - January 18, 2018
Version 1.1 - January 10, 2018
Version 1.0 - January 8, 2018
On January 3, 2018, researchers announced a set of new hardware kernel-level vulnerabilities named "Meltdown" and "Spectre". Both vulnerabilities affect modern microprocessors across multiple generations of Central Processing Units (CPUs) and allow malicious processes to access the contents of restricted memory.
Rockwell Automation is aware of these vulnerabilities and of how they could, if exploited, potentially impact our customers’ environments. Rockwell Automation is diligently working through the process of evaluating how the mitigation techniques will impact the functionality and performance of the Rockwell Automation hardware, software, and pre-engineered products and solutions that incorporate third party microprocessors. Rockwell Automation will continue to provide updated information as soon as reliable performance tests are completed.
AFFECTED PRODUCTS
Rockwell Automation Products
Rockwell Automation is currently investigating its product portfolio in order to identify which of its products may be directly affected by the "Meltdown" and "Spectre" vulnerabilities. Rockwell Automation will continue to monitor this situation, and will update this advisory if necessary.
UPDATE: Oct 01, 2018
Rockwell Automation has released new BIOS for certain Industrial Environment Computers that address the Meltdown and Spectre vulnerabilities. See below for details.
UPDATE: Feb 06, 2018
As of this writing, Rockwell Automation has evaluated many of our product families. Depending on the products’ architectures, effects of the Meltdown and Spectre vulnerabilities may significantly vary. Below is more information on Rockwell Automation’s evaluation.
NOTE: Rockwell Automation may continue to evaluate additional products that we suspect to be affected and will update this advisory accordingly.
I. Rockwell Automation has concluded that the following Active or Active Mature products contain a microprocessor that is affected by the Meltdown and Spectre vulnerabilities. Please see Knowledgebase Article ID 1071234 for detailed information about which Rockwell Automation-qualified Microsoft patches to apply to your products based on the Windows Operating System in use. As BIOS updates become available, Rockwell Automation will continue to update this advisory. The products are as follows:
Product Family | Affected Versions | Bul. # |
6181X Hazardous Location Computers | Series H, All Versions | Bul. 6181X |
6181P Integrated Display Computers | Series F, All Versions | Bul. 6181P |
6177R Non-Display Computers | Series C, All Versions | Bul. 6177R |
VersaView® 5400 Industrial Computers | Series A, All Versions | Bul. 6200P |
VersaView® 5200 ThinManager® Thin Clients | Series A, All Versions | Bul. 6200T |
In addition, Rockwell Automation has also determined the following discontinued products are similarly affected. Customers with discontinued products are encouraged to contact their local distributor or Sales Office to discuss a migration path to Active product lines.
Product Family | Affected Versions | Bul. # |
6181X Hazardous Location Computers | Series E, F, G, All Versions | Bul. 6181X |
6181P Integrated Display Computers | Series A-E, All Versions | Bul. 6181P |
6177R Non-Display Computers (750R & 1450R) | Series A, B, All Versions | Bul. 6177R |
6155R/F Compact Non-Display Computers (200R) | All Versions | Bul. 6155R & Bul. 6155F |
6180P Integrated Display Computer with Keypad (1200P & 1500P) | All Versions | Bul. 6180P |
6180W VersaView Industrial Workstations (1200W & 1500W) | All Versions | Bul. 6180W |
6181F Integrated Display Computer (NDM, 1200P, 1500P, 1700P) | All Versions | Bul. 6181F |
6181H Integrated Display Computer (1500P) | All Versions | Bul. 6181H |
6183H Hazardous Location Computer (1200P) | All Versions | Bul. 6183H |
Please see the Microsoft Patch Qualification section below for additional mitigation strategies.
II. The following products are Active or Active Mature and contain a microprocessor that is affected by the Meltdown and Spectre vulnerabilities. However, as a result of the product architecture, Rockwell Automation has concluded that the Meltdown and Spectre vulnerabilities do not pose a significant risk to these products:
Product Family | Affected Versions | Bul. # |
ControlLogix® 5580 Controllers | All Versions | • 1756-L8 |
5069 CompactLogix™ 5380 Controllers | All Versions | • 5069-L3 |
5069 Compact I/O™ EtherNet/IP Adapters | All Versions | • 5069-AENTR • 5069-AEN2TR |
5069 Compact I/O™ Modules | All Versions | • 5069-Ix • 5069-Ox |
ControlLogix® EtherNet/IP Modules | All Versions | • 1756-EN2F, Series C • 1756-EN2T, Series D • 1756-EN2TP, Series A • 1756-EN2TR, Series C • 1756-EN2TRXT, Series C • 1756-EN2TSC, Series B • 1756-EN2TXT, Series D • 1756-EN2TK, Series D • 1756-EN2TRK, Series C |
FactoryTalk® Analytics for Devices | All Versions | • 6200P-NS3C6 |
FactoryTalk® Historian Machine Edition (ME) Module | All Versions | • 1756-HIST |
PowerFlex® 755T Drive Solutions | All Versions | • Bul. 20G |
Kinetix® 5700 Modules (Single Axis, Double Axis) | All Versions | • 2198-Sxxx • 2198-Dxxx |
PowerFlex® 750 Series EtherNet/IP Option Module - Dual Port | All Versions | • 20-750-ENETR |
PowerFlex® 750 Series Safe Speed Monitor Option Module | All Versions | • 20-750-S1 |
PowerFlex® 527 Compact-Class AC Drives | All Versions | • Bul. 25C |
PowerFlex® 753 Architecture-Class AC Drives | All Versions | • Bul. 20F |
PowerFlex® 7000 Medium Voltage AC Drives | All Versions | • Catalogs 7000, 7000A, 7000L |
PowerFlex® 6000 Medium Voltage AC Drives | All Versions | • Catalogs 6000, 6000U |
PanelView™ 5310 Operator Interface Terminal | All Versions | • 2713P-xx |
PanelView™ Plus 7 Standard | All Versions | • 2711P-XXXXXXXX8S |
PanelView™ 5500 | All Versions | • 2715-xx |
PanelView™ Plus 7 Performance | All Versions | • 2711P-XXXXXXXX9P |
PanelView™ Plus 6 400-600 | All Versions | • 2711P-X*XXX8 and 2711P-X*XXX9 |
PanelView™ Plus 6 Compact 400 and 600 | All Versions | • 2711PC-X4XXXD8 • 2711PC-X6XXXD8 |
MobileView™ | All Versions | • 2711T-B10I1N1 • 2711T-B10R1K1 • 2711T-B10R1M1 • 2711T-F10G1N1 • 2711T-T10G1N1 • 2711T-T10R1N1 |
III. Lastly, Rockwell Automation has concluded that the following products do not contain a microprocessor that is affected by the Meltdown and Spectre vulnerabilities. Therefore, these products are not affected by the reported vulnerabilities.
Product Family | Bul. # |
ControlLogix® 5570 Controllers | • 1756-L7 |
GuardLogix® 5570 Controllers | • 1756-L7S |
ControlLogix® 5560 Controllers | • 1756-L6 |
GuardLogix® 5560 Controllers | • 1756-L6S |
ControlLogix® L55 Controllers | • 1756-L55x |
CompactLogix™ 5370 L1, L2, L3 | • 1769-L1 • 1769-L2 • 1769-L3 |
ControlLogix® EtherNet/IP Modules | • 1756-ENBT |
ControlLogix® Web Server Modules | • 1756-EWEB |
1769 CompactLogix™ L23x Controllers | • 1769-L23 |
1769 CompactLogix™ L3x Controllers | • 1769-L31 • 1769-L32 • 1769-L35 |
1768 CompactLogix™ L4x Controllers | • 1768-L4x |
PanelView™ Plus 6 700-1500 | • 2711P-X*XXX8 and 2711P-X*XXX9 (where * is either 7, 10, 12, or 15) |
PanelView™ Plus 6 Compact 1000 | • 2711PC-T10C4D8 |
Kinetix 5500 Servo Drives | • 2198-Hxxx |
Stratix® 8000 Modular Managed Switches | • 1783-MS |
Stratix® 8300 Modular Managed Switches | • 1783-RMS |
Stratix® 5400 Industrial Ethernet Switches | • 1783-HMS |
Stratix® 5410 Industrial Distribution Switches | • 1783-IMS |
Stratix® 5700 Industrial Managed Ethernet Switches | • 1783-BMS |
ArmorStratix™ 5700 Industrial Managed Ethernet Switches for extreme environments | • 1783-ZMS |
Stratix® 2500 Lightly Managed Switches | • 1783-LMS |
Stratix® 5900 Services Router | • 1783-SRKIT |
Stratix® 5950 Security Appliance | • 1783-SAD |
Stratix® 5100 Wireless Access Point/Workgroup Bridge | • 1783-WAP |
PowerFlex® 523 Compact-Class AC Drives | • Bul. 25A |
PowerFlex® 525 Compact-Class AC Drives | • Bul. 25B |
PowerFlex® 4M Compact-Class AC Drives | • Bul. 22F |
PowerFlex® 40 Compact-Class AC Drives | • Bul. 22B |
PowerFlex® 40P Compact-Class AC Drives | • Bul. 22B |
PowerFlex® 400 Compact-Class AC Drives | • Bul. 22C |
PowerFlex® 70 Architecture-Class AC Drives | • Bul. 20A |
PowerFlex® 700 Architecture-Class AC Drives | • Bul. 20B |
PowerFlex® 700L Architecture-Class AC Drives | • Bul. 20L |
PowerFlex® 700S Architecture-Class AC Drives | • Bul. 20D |
ArmorStart® Distributed Motor Controllers | • Bul. 280 • Bul. 281 • Bul. 283 • Bul. 284 |
ArmorStart® LT Distributed Motor Controller | • Bul. 290 • Bul. 291 • Bul. 294 |
ArmorStart® ST Motor Controllers: Safety and Standard Versions | • Bul. 281E • Bul. 284E |
Mega DySC® Three-Phase Voltage Sag Correction System | • Bul. 1608M |
Mini DySC® Single-Phase Voltage Sag Correction | • Bul. 1608N |
ProDySC® Three-Phase Voltage Sag Correction | • Bul. 1608P |
UPDATE: Oct 01, 2018
A new BIOS was released to address the Meltdown and Spectre vulnerabilities that affect these specific series for the following products:
Product Family | Bul. # | Series with new BIOS |
6181X Hazardous Location Computers | Bul. 6181X | Series H, All Versions |
6181P Integrated Display Computers | Bul. 6181P | Series F, All Versions |
6177R Non-Display Computers | Bul. 6177R | Series C, All Versions |
The new BIOS is available for download in the Product Compatibility and Download Center (PCDC). To find the new BIOS, search for each individual catalog number and go to the download page for the corresponding series listed above. Note that only one BIOS version is available on PCDC under each of these products; it is the updated version that addresses the Meltdown and Spectre vulnerabilities.
UPDATE: Jan 10, 2018
Industrial Data Center (IDC)
Rockwell Automation is currently working with its software and hardware partners that make up the E1000, E2000 and E3000 Industrial Data Center (IDC) solution to obtain appropriate patches and updates to address the "Meltdown" and "Spectre" vulnerabilities. Rockwell Automation will continue to monitor this situation and provide updates in Knowledgebase Article ID 1071279. For IDC customers with a monitoring and administration contract, please contact Tech Support for assistance with this issue.
Microsoft Patch Qualification
Microsoft has released guidance for Windows Client and Windows Server Operating Systems. As of this writing, the Rockwell Automation MS Patch Qualification team is currently executing their validation processes on security updates related to the "Meltdown" and "Spectre" vulnerabilities. When these tests have been successfully completed, the test results will be made available through the Rockwell Automation MS Patch Qualification site: https://www.rockwellautomation.com/ms-patch-qualification/start.htm.
UPDATE: Feb 14, 2018
Rockwell Automation evaluated the performance of FactoryTalk® View Site Edition and FactoryTalk® View Point actions on Windows systems updated with the Microsoft Meltdown and Spectre updates. Many factors affect the performance of systems with these mitigations, including but not limited to the CPU version, the age of the operating system, and the burden of the workload on the system. In addition to the performance data provided below, customers may also find the Microsoft blog post "Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems" helpful, as it provides rough estimates of the performance impact as it relates to the class of CPU and the Windows operating system.
FactoryTalk View SE
Test Environment
Rockwell Automation: Test Setup Information
Parameter | Server Details | Client Details |
OS | Windows Server 2008 R2 Standard SP1 | Windows 7 Pro SP1 |
CPU | Intel E5-2699A v4 @ 2.4GHz, 1 socket, 4 cpus/socket | Intel E5-2699A v4 @ 2.4GHz, 1 socket, 4 cpus/socket |
RAM | 8GB | 8GB |
Tested Version | 10.00.00.290 | 10.00.00.290 |
Microsoft Patches Installed | KB4056894: January Monthly Roll-up | KB4056894: January Monthly Roll-up |
Test Results
Operating System | Test Case: Display Update Rate | Before Patch: Avg (seconds) | After Patch: Avg (seconds) | Change (%) |
Windows 7 Pro SP1 x64 | Load Display with 3000 numeric values (HMI tags) | 1 | 1.1 | 10.000% |
Windows 7 Pro SP1 x64 | Load Display with 3000 numeric values (Direct Reference tags) | 1.4 | 1.2 | -14.286% |
Windows 7 Pro SP1 x64 | Load Display with 3000 animations | 3 | 4.3 | 43.333% |
Windows 7 Pro SP1 x64 | Download 3000 tags from recipe | 17.9 | 23.5 | 31.285% |
Windows 2008 R1 Std | Load Display with 3000 numeric values (HMI tags) | 1.1 | 1.2 | 9.091% |
Windows 2008 R1 Std | Load Display with 3000 numeric values (Direct Reference tags) | 1.3 | 1.1 | -15.385% |
Windows 2008 R1 Std | Load Display with 3000 animations | 3.3 | 4.4 | 33.333% |
Windows 2008 R1 Std | Download 3000 tags from recipe | 18.4 | 17.2 | -6.522% |
FactoryTalk ViewPoint
Test Environment
Rockwell Automation: Test Setup Information
Parameter | Server Details | Client Details |
OS | Windows Server 2008 R2 Standard SP1 64-bit | Windows 7 Enterprise SP1 64-bit |
CPU | Intel Xeon CPU E5-1607 v3 @3.10GHz | Intel Core i3-4150 CPU @3.50GHz |
RAM | 8GB | 4GB |
Browser | N/A | Chrome v63.0.3239.84 |
Tested Version | 10.00.00.290 | 10.00.00.290 |
Microsoft Patches Installed | KB4056894: January Monthly Roll-up | KB4056894: January Monthly Roll-up |
Test Results
Overview: Test Case | Details | Before Patch: Avg (seconds) | After Patch: Avg (seconds) | Change (%) |
Switching displays, recording loading time for each display | Overview Display | 2.78 | 2.85 | 2.518% |
Switching displays, recording loading time for each display | Image Heavy Display | 3.15 | 3.90 | 23.810% |
Switching displays, recording loading time for each display | Data Heavy Display | 2.18 | 2.51 | 15.138% |
Recording 10,000 recipes downloading and refreshing time | Download 10,000 recipes | 96.54 | 98.96 | 2.507% |
Recording 10,000 recipes downloading and refreshing time | Refresh 10000 recipes | 18.22 | 17.80 | -2.305% |
Color Animation Blinking Rate (Rate = 1 second) | Blink Rate (actual) | 1.16 | 1.19 | 2.586% |
Color Animation Blinking Rate (Rate = 0.5 second) | Blink Rate (actual) | 0.71 | 0.77 | 8.451% |
Recording time for 2000 Alarm Trigger | Recording Time for 2000 Alarm Trigger | 10.38 | 10.57 | 1.830% |
Rendering time for 1000 Tags | Rendering Time for 1000 Tags | 2.29 | 2.45 | 6.987% |
UPDATE: Feb 2, 2018
Knowledgebase Article ID 1071234 has been updated to include new patches for Windows 10 that have been qualified by the Rockwell Automation MS Patch Qualification team.
UPDATE: Jan 26, 2018
As of January 26, 2018, the Rockwell Automation MS Patch Qualification team has successfully qualified several Microsoft patches related to the "Meltdown" and "Spectre" vulnerabilities. For detailed and useful information about which qualified Microsoft patches to apply based on your Windows Operating System, please see Knowledgebase Article ID 1071234 under "Solution". Rockwell Automation will continue to test Microsoft patches related to "Meltdown" and "Spectre" and will update Knowledgebase Article ID 1071234 accordingly.
Note: Applying certain Microsoft patches released in early January has been found to cause anomalous behavior in several Rockwell software products, including Studio 5000, FactoryTalk View SE, and RSLinx Classic. If you have been experiencing software issues after installing a Microsoft update to patch "Meltdown" and "Spectre", and/or you would like to see a list of patches known to cause this irregular behavior, please see Knowledgebase Article ID 1071234.
Additionally, Rockwell Automation recommends:
- Contact your PC/Server vendor for any associated firmware updates that may also be required to further reduce risk.
- Before implementing any Microsoft updates, the updates should be verified on a non-production system, or when the facility is non-active, to help ensure that there are no unexpected results or side effects.
Lastly, we recommend customers continue to monitor this advisory, Knowledgebase Article ID 35530 for updates to Microsoft Patch Qualifications Reports, and additional updates from both Microsoft and your PC/Server vendor(s).
GENERAL SECURITY GUIDELINES
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Industrial Security Services website for information on security services from Rockwell Automation to assess, protect, detect, respond and recover from incidents. These services include assessments, designs, implementations, industrial anomaly detection, patch management, and remote infrastructure monitoring and administration.
We also recommend concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at Knowledgebase Article ID 54102 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
If you have questions regarding this notice, please send an email to our product security inbox at: secure@ra.rockwell.com.
ADDITIONAL LINKS
- Microsoft: ADV180002 Guidance to mitigate speculative execution side-channel vulnerabilities
- Microsoft: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
- Microsoft: Windows Server guidance to protect against speculative execution side-channel vulnerabilities
- Security Advisory Index, Knowledgebase Article ID 54102
- Microsoft: KB4056897 2018-01 Security-only Update for Windows Server 2008 R2 SP1 and Windows 7 SP1
- Microsoft: KB4056894 2018-01 Monthly Rollup for Windows Server 2008 R2 SP1 and Windows 7 SP1
- Microsoft: KB4057401 2018-01 Preview of Monthly Rollup for Windows 8.1, Windows Server 2012 R2 Standard
- Microsoft: KB4057142 2018-01 Cumulative Update for Windows Server 2016
REVISION HISTORY
Date | Version | Details |
01-Oct-2018 | 1.8 | Update: Patches for Industrial PCs |
14-Feb-2018 | 1.7 | Update: FactoryTalk Software Performance Statistics |
06-Feb-2018 | 1.6 | Update: Affected Hardware Products Listed |
02-Feb-2018 | 1.5 | Update: Windows 10 Patch Qualification Information posted to Article ID 1071234. |
26-Jan-2018 | 1.4 | Update: Moved and clarified location for MS Patch Qualification details (Article ID 1071234). |
23-Jan-2018 | 1.3 | Update: Microsoft Patch Qualification for Windows 8.1, Windows Server 2012 R2 / Windows Server 2012 R2 SP1, and Windows Server 2016. |
18-Jan-2018 | 1.2 | Update: Microsoft Patch Qualification for Windows 7 and Windows Server 2008 R2. |
10-Jan-2018 | 1.1 | Update: Affected Products. |
05-Jan-2018 | 1.0 | Initial release. |