Security updates to AUTOSOL software are detailed on this page.
Known Security Vulnerabilities:
The following table lists the known security vulnerabilities in AUTOSOL software. More details about each can be found below under “Advisories and Updates”
Product | Version | Vulnerability | Addressed in |
---|---|---|---|
ACM | 9.1 | ACM 9.1.1* | |
ACM | 9.0.1 | ACM 9.1* | |
ACM | 9.0 | OPC UA Standard Stack (CVE-2022-29862 through CVE-2022-29866) | ACM 9.0.1* |
* Contact AUTOSOL support to discuss other upgrade options to mitigate this issue.
There are currently no known security vulnerabilities within eACM. |
AUTOSOL recommends upgrading to the newest release of our software.
This latest version of AUTOSOL Communication Manager (ACM) 9.1.1 integrates the OPC UA .NET Standard Stack Version 1.4.371.96 from the OPC Foundation. This fixes the following vulnerabilities: These vulnerabilities are fixed in the ACM versions shown here:
Affected Products:AUTOSOL ACM 9.0, ACM 9.0.1, ACM 9.1 Alternative Mitigation:
|
This latest version of AUTOSOL Communication Manager (ACM) 9.1 integrates the OPC UA .NET Standard Stack Version 1.4.370.12 from the OPC Foundation. This fixes the following vulnerabilities:
These vulnerabilities are fixed in the ACM versions shown here:
Affected Products:AUTOSOL ACM 9.0, ACM 9.0.1 Alternative Mitigation:
|
ACM Update for Emerson FloBoss 107TM with firmware version 2.0 We now have an updated version of the ROC protocol for ACM 9.0.1 and later that will support the firmware upgrade of the following devices:
If you have already upgraded the firmware for the Emerson FloBossTM 107 to version 2.0 and are unable to retrieve history this update will correct that. Please contact your sales representative or AUTOSOL Customer Support to gain access to this fix.
Explanation In November 2022, Emerson released new firmware for the Emerson FloBossTM 107 (version 2.0), Emerson ROC 800L (version 1.70) and Emerson ROC 800 (version 3.90). In the new firmware for the Emerson ROC FloBoss 107s, point types 6, 7, 10, 41 & 42 were removed due to storage constraints in the device, and because their data was duplicated elsewhere. ACM 9.0.1 and earlier are not compatible with this change. Enabling security in the Emerson FloBossTM 107 , Emerson ROC 800s or ROC 800Ls in ACMThis support will formally be released in ACM 9.1 but if you wish to upgrade your firmware today and enable the security, AUTOSOL can provide a beta version of the new feature that makes use of the new security requirements. The beta version will only work in 9.0 and later, and will be formally released in ACM 9.1 late spring/early summer 2023. If this is something you are interested in, please contact your sales representative or AUTOSOL Customer Support. |
ACM 9.0.1 and earlier cannot retrieve history or meter configuration data from an Emerson FloBoss 107 with firmware version 2.0. ExplanationIn November 2022, Emerson released new firmware for the Emerson FloBossTM 107 (ver. 2.0), Emerson ROC 800L (ver. 1.70) and Emerson ROC 800 (ver. 3.90). In the new firmware for the Emerson ROC FloBoss 107s, point types 6, 7, 10, 41 & 42 were removed due to storage constraints in the device, and because their data was duplicated elsewhere. Current ACM releases rely on these point types and as a result, cannot retrieve meter configuration data or history from the Emerson ROC FloBoss 107. What is being done about itAUTOSOL is working on a solution. When it is complete, AUTOSOL will provide hotfixes for all supported versions of ACM. If you require assistance or additional information regarding the updated Emerson Firmware, please contact Emerson Support. What about the Emerson ROC 800 and firmware version 1.70You can upgrade your ROC 800s to firmware version 1.70 today and ACM will continue to work as normal as long as you have the security disabled in the device. What if you want to enable security in the Emerson ROC 800s or ROC 800Ls and use ACMIf you wish to use ACM and enable the security, AUTOSOL can provide a beta version of the new feature that makes use of the new security requirements. The new feature for the Emerson ROC 800s and 800Ls will only work in 9.0 and later, and will be formally released in ACM 9.1 late spring 2023. If this is something you are interested in, please contact your sales representative or AUTOSOL Customer Support. We will provide updates to this issue on this page. |
Summary:This latest version of AUTOSOL Communication Manager (ACM) 9.0.1 integrates the OPC UA .NET Standard Stack Version 1.4.369.30 from the OPC Foundation. This fixes the following vulnerabilities:
These vulnerabilities are fixed in the ACM versions shown here:
Affected Products:AUTOSOL ACM 9.0 Alternative Mitigation:
|
16055 Space Center Boulevard, Suite 450
Houston, Texas 77062
281.286.6017
All information contained herein is considered proprietary. Any unauthorized disclosure or use is prohibited.