General corrective measures

• Since the vulnerabilities are present in the TCP/IP stack, an active network connection is required to be able to manipulate the devices. Therefore, the risk of an attack can be minimized by restricting the network access to the devices.
• Unless absolutely necessary, devices/systems should be disconnected from the higher-level network.
• Prevent unauthorized people or devices from gaining access to affected devices and network segments in which affected devices are being operated.
• When accessing these devices with a laptop, the laptops should ideally not be connected to the network. Rather, a point-to-point Ethernet connection is preferable, if possible (e.g. the engineering interface of the MOVIPRO^® SDC/ADC).

• Network security and access protection