?

NERC CIP Customer Support Center

We speak compliance.

RFL is dedicated to assisting customers with NERC CIP regulatory requirements, and currently offers a multitude of information for our products' cyber assets and customer information protection. RFL provides automatic Cyber Security Bulletin update notifications, which will save you from having to check for updates every 35 days. You will need to register for an RFL Download Account to have access to the Bulletins and other NERC CIP information.

Email us at This email address is being protected from spambots. You need JavaScript enabled to view it. with any questions or requests regarding risk assessments.

Customer Information Protection Policy Statement
NERC CIP - Bulk Electric System Cyber System Information (BES CSI)

RFL's product models with the ability to store BES CSI are currently the: eXmux®, GARD, IMUX and 9745 family of products. Please click here to view the Bulletin (requires logging into the Downloads space).

Cyber Security Bulletins

To download Cyber Security bulletins, you must log in with your customer account.

RFL Product Cyber Security Patch Status

You must be logged in to review the RFL Product Cyber Security Patch Status table. Please log in with your customer account below, or click here to register for a customer account.

?

Security Patch Status

ProductLast Patch FirmwarePatch DescriptionDate
9508 AnalogNone--
9508D (Digital)None--
9745
Teleprotection System		None--
9780/9785
Powerline Carrier System		None--
eXmux 3500/3500MSystem Software
7.0.9512		Addressed Security Issue related to receiving UDP packets with port number 1024 & 1025 and length 0Oct 2017
eXmux® 3501/3501M
IP Access Multiplexer		System Software
7.0.9512 / 7.0.9542		Addressed Security Issue related to receiving UDP packets with port number 1024 & 1025 and length 0Oct 2017
eXmux® Family of ProductseXmux® VNMS
10.1.0.20561
VNMS no longer stores user credentials in the network file when saving the file. Deletion of all network files saved by any prior version to VNMS 10.1.0.20561 is recommended.May 2023
eXmux® Family of ProductseXmux® VNMS
10.2.0.20591
  • Upgraded OpenSSH from OpenSSH_6.6p1, which has been identified to have multiple vulnerabilities, to OpenSSH_7.2p2, to address those vulnerabilities.
  • Added the ability to enable/disable OpenSSH configuration parameters via CLI commands.
  • Also added CLI legacy Mode option to support backward compatibility with OpenSSH_6.6p1.
Sep 2023
eXmux® Family of ProductseXmux® VNMS
10.5.0.20658
  • Added support for OpenSSH_7.2p2 for eXmux 3501 109020-2 Main Board (SS-PPC) to address multiple vulnerabilities that was associated with OpenSSH_6.6p1.
Sep 2024
eXmux® Family of ProductseXmux® VNMS
10.6.0.20673
  • Added support for OpenSSH_9.8p1, Open SSL 1.1.1w for eXmux 3501 109020-3 Main Board and eXmux 4500 to address the Terrapin attack vulnerability in OpenSSH 7.2p2, OpenSSL 1.0.1m.
  • Added support for SQLite to address MS SQL Express 2014 end of life in VNMS.
  • Added support for new Putty version 0.81 to address cyber security vulnerabilities.
  • Added support for new Log4Net version 2.10.0 to address reported cybersecurity vulnerability issue (CVE-2018-1285).
Jan 2025
GARD 8000®
Protection System with 500400 Controller		System Firmware
8.3.5		Disable HTTP Put command on front and rear Ethernet portsApr 2017
GARD 8000®
Protection System with 500400-1 Controller		System Firmware
8.5.2		Disable HTTP Put command on front and rear Ethernet portsApr 2017
GARD 8000®
Protection System with 500400-2 Controller		System Firmware
10.4.2.57 & 11.4.2.108		Final mitigation for cross-site scripting vulnerability as detailed in cyber security bulletin CS-021.Jan 2024
GARD Pro® Protection SystemSystem Firmware 2.6.7.286 & 2.7.7.184Mitigation for SSL vulnerabilities as detailed in cyber security bulletins CS-022 and CS-023.Nov 2023
GARD Pro® 61850System Firmware
3.4.14.288		Mitigation for SSL vulnerabilities as detailed in cyber security bulletins CS-022 and CS-023.
For additional non-cyber security changes, please review Bulletin PBF-023.
Dec 2023
GARD Pro® IEC 61850 GatewaySystem Firmware 3.3.14.161TMW 61850 stack DOS vulnerability patchSep 2022
GARD Pro® IEC 61850 GatewaySystem Firmware 3.4.14.256
  • SNMPv3 Authentication and Privacy changes including new SNMP user account and separate privacy password.
  • HTTPS certificate update including change to SHA256 encryption and addition of rear IP address as subject alternative name.
  • TCP port 21 and 23 now show closed rather than filtered.
  • Ping requests with timestamp now rejected.
Mar 2023
IMUX 2000
T1/E1 Multiplexer		None--
ProductLast Patch FirmwarePatch DescriptionDate
RFL Connect

Past CONNECT Course Archives

Download Videos

Online Training Courses In
Networking, Communications,
Protection & Cyber Security

Learn more

Delivering solutions that work. Period.

Protection and communications equipment for electric utilities and the transportation, oil and gas markets.

Explore Our Featured Products:

eXmux® 4500 MSAT Platform     GARD Pro® Digital Teleprotection    GARD Pro® PLC

Utility industry and electric utility white papers by RFL providing communications and protection solutions to today's challenges, such as migrating data from leased lines.

FEATURED WEBINAR:
Helping Utilities Move Forward in IP Migration

FEATURED SOLUTION:
Multipoint-to-Multipoint Protective Relaying Signaling Using Digital Communications and Built-In Logic

Read our Electric Utility White Papers

Find RFL and Hubbell at an upcoming trade show in your area!

See Upcoming Trade Shows

RFL offers a 24-hour emergency service program that provides specialized service anytime, anywhere in the world. All of RFL's products are engineered and manufactured to the highest-quality standards and are supported by a team of highly trained customer service engineers.

Contact Sales Associate