On April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits (SDKs) for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However if HTTPS is used, Unified Automation recommends replacing the OpenSSL library with a current version (1.01.g or later) to mitigate this vulnerability.
This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.
Read ICS-CERT Advisory 14-135-04.
Visit WaterISAC's OpenSSL page with previously reported updates and resources.