CEMView 4.0 Security Update Bulletin (CVE-2021-26414)
Microsoft has a security update fixing a vulnerability related to a DCOM Server security feature bypassing CVE-2021-26414.
The Microsoft fix for this vulnerability addresses the authentication used between DCOM clients and servers. All classic OPC Servers and OPC Client applications are affected by this vulnerability.
Microsoft has released an update to Windows which will be forced in June of 2022 to address this security vulnerability. This patch will be part of Windows update KB5004442.
When the Microsoft Windows update patch is installed, the DCOM Security changes will affect communication between OPC Servers and OPC Clients across a network. That is, all OPC Clients including the CEMView Client will fail to communicate to any OPC Server that does not contain the changes to address the DCOM Security vulnerability across a network. This will include all CEMView Remote Clients, Main DAS to Data Buffers as well as High Availability systems.
The latest Build of CEMView 4.0 has been released to address the change in Windows DCOM Security.
CEMView Build 127 or later must be installed prior to installing the KB5004442 Windows update. This CEMView Update is available for any CEMView System with a Comprehensive Support Contract.
Please contact us to discuss scheduling an update.
Email: [email protected]
Web: https://ca.cemview.com/support/
Phone: +1(519)649-6100 Option 3