MOVIPRO® SDC/ADC and customer-specific variants of these devices
According to current knowledge, only the engineering interface of these devices is affected if the device was produced before July 2021 and delivered with firmware V19 or earlier. The industrial Ethernet interfaces of the devices are not affected.
Products with firmware V20 or later are not affected.
The engineering interface is available under the cover screw fitting with the "Service" designation under the 7-segment display for temporary connection, and in devices with certain communication packages also via an M12 port on the side of the device with the connector designation "X4224".
Engineering interfaces should be used only for temporary engineering and usually not be connected to the network. In applications where engineering interfaces are used e.g. for the visualization of process values, the PCs/controls must be protected from third-party access or, if possible, disconnected from the rest of the network. The fieldbus interfaces of the devices are not affected.
In some customer-specific device variants, a WLAN modem is also present inside the device, which makes the engineering interface accessible via WLAN. These device variants are identified in the table in section Type designations and part numbers with a '*' after the part number. This leads to the indicated vulnerabilities also being present when the device is connected to a higher-level network via WLAN.
