RFL is dedicated to assisting customers with NERC CIP regulatory requirements, and currently offers a multitude of information for our products' cyber assets and customer information protection.
RFL provides automatic Cyber Security Bulletin update notifications, which will save you from having to check for updates every 35 days. You will need to register for an RFL Download Account to have access to the Bulletins and other NERC CIP information.
Notice: Spectre and Meltdown CPU Potential Vulnerability
HPS/RFL is aware of the recent announcement from Google regarding the Spectre and Meltdown CPU potential vulnerability affecting various processors. HPS/RFL is in the process of reviewing our products for potential risks and will provide updates as necessary relating to this matter going forward.
Customer Information Protection Policy Statement
NERC CIP - Bulk Electric System Cyber System Information (BES CSI)
RFL's product models with the ability to store BES CSI are currently the: eXmux, GARD, IMUX and 9745 family of products. Please click here to view the Bulletin (requires logging into the Downloads space).
Cyber Security Bulletins
To download Cyber Security bulletins, you must log in with your customer account.
RFL Product Cyber Security Patch Status
You must be logged in to review the RFL Product Cyber Security Patch Status table. Please log in with your customer account below, or click here to register for a customer account.
Security Patch Status
|Product||Last Patch Firmware||Patch Description||Date|
Powerline Carrier System
|GARD 8000® Protection System with 500400-1 Controller||System Firmware 8.5.2||Disable HTTP Put command on front and rear Ethernet ports||04/01/2017|
|GARD 8000® Protection System with 500400-2 Controller||None||-||-|
|GARD 8000® Protection System with 500400 Controller||System Firmware 8.3.5||Disable HTTP Put command on front and rear Ethernet ports||04/01/2017|
|GARD Pro™ Protection System||System Firmware 18.104.22.168 & 22.214.171.124||SNMPv3 Authentication and Privacy changes including new SNMP user account and separate privacy password. HTTPS certificate update including change to SHA256 encryption. TCP port 21 and 23 now show closed rather than filtered. Ping requests with timestamp now rejected.||10/01/2022|
IEC 61850 Gateway
|System Firmware 126.96.36.199||TMW 61850 stack DOS vulnerability patch||9/20/2022|
|eXmux® 3500/3500M||7.0.9512||Addressed Security Issue related to receiving UDP packets with port number 1024 & 1025 and length 0||10/1/2017|
IP Access Multiplexer
|7.0.9512 / 7.0.9542||Addressed Security Issue related to receiving UDP packets with port number 1024 & 1025 and length 0||10/1/2017|