According to the YSAR-14-0005E (SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products), SMARTDAC+ GX10/GX20, GP10/GP20, and GM10 are affected by SSLv3 protocol vulnerability. How do I protect the product from the vulnerability

The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) which abused the vulnerability of SSLv3 protocol has become a recent topic. Since the SSL communication has been supported from the release number 2 of SMARTDAC+ series, the following products and the firmware versions are affected.

  • GX10/GX20, GP10/GP20 (from R2.01.01 to R2.02.01)
  • GM10 (R2.02.01)

However, the SMARTDAC+ series can provide encryption connection via the TLS communication strengthened more against vulnerability. Apply the following countermeasures.

  1. Web functions (Server)
    Disable SSL 3.0 in web browser before connection.
  2. FTPS (Server and Client)
    When using as a client: Disable SSL 3.0 on the server side before connection.
    When using as a server: Disable SSL 3.0 on the client side before connection.
  3. Mail functions (Client)