SINUMERIK 810D/840Di/840D: Compatibility of Microsoft security updates with SINUMERIK PCU 50/70 and CNC Shopfloor Management Software
The availability of Microsoft security updates is published via the Microsoft security bulletins. The decision as to whether the security updates should be used is exclusively left to the responsibility of the customer and can be made on the basis of the "Evaluation of the maximum severity" specified in the Microsoft security bulletin. Microsoft publishes information regarding security updates and downloads on the Internet under the following link: http://www.microsoft.com/technet/security.
Microsoft has officially terminated support for Windows NT for Workstations; this also applies to the security updates for Windows NT. However, an agreement was made with Microsoft for our components concerning the provision of further security updates for Windows NT. This agreement ended on 31. December 2006. That is why no new security updates for Windows NT can be provided by Siemens from January 2007.
The Siemens specific security updates available until 31 December 2006 are provided by ePS Network Services and are not free of charge as a result of our expenses. The ePS Network Services are provided by the company ePS & RTS Automation Software GmbH, a 100% subsidiary of Siemens AG. Information regarding ePS can be found in Catalog NC 61, 2009 and at the Internet address http://www.siemens.de/sinumerik/eps. Therefore, among other things, you are authorized to download the relevant security updates for Windows NT for Workstations, which have been provided to us by Microsoft until 31. December 2006.
The security updates that can be obtained via ePS can be found in the compatibility list (attachment). The licensing regulations valid for the provided security updates must be observed. These licensing regulations can be viewed on the download page.
Please notice that Microsoft Windows XP and all Service Packs are subjected to their lifecycle. For further informations visit: http://support.microsoft.com/gp/lifeselect.
- In general, Microsoft publishes safety updates once a month (every second tuesday of the month); these updates will be available in Europe on the following Wednesday.
- Relevance check: Every Microsoft security update is carefully checked by Siemens as to whether it is relevant for Siemens SINUMERIK software (also with regard to product liability). In general, this check has to be performed manually since all development departments involved have to be coordinated. The results have to be prepared for distribution.
Siemens will communicate the relevance of the patches for SINUMERIK PCUs one week later.
- Siemens will perform acceptance tests immediately after checking the relevance. We will diligently test various Siemens system versions and the HMI functions. The results of these tests have to be evaluated and prepared for further actions. In general, the acceptance test results which have been prepared will be published two weeks after release of the Microsoft updates.
- Various add-on products developed by Siemens will be tested. After approx. five weeks, Siemens will publish the final test results. Experience has shown that problems with Microsoft safety updates only occur in exceptional cases on SINUMERIK controllers. Since we cannot exclude such problems, each safety update has to be diligently checked in a time-consuming manner. Siemens checks both the SINUMERIK system software and any add-on software developed by Siemens. After installing the safety update, the functions of customized systems have to be tested on system-specific configurations.
- After performing the test stated under 4., the security updates will be integrated additionally in later PCU-Base versions.
The results of the relevance test, acceptance test and all final test results will be published in this update.
No special PCU-Base versions are available for the Security Patches.
If you wish to update your system using safety updates, you have to install the Patches provided by Microsoft on your PCU-Base system.
The below displayed compatibility list will be updated and published on a regular basis.
Update 05/13/2014 The compatibility list was updated to the status of 04/11/2014.
/cs/pool/xls.gif MS-Sec-Updates140411_d_e_sinumerik.xlsx ( 102 KB )
MS-Sec-Updates140411_d_e_sinumerik.pdf ( 95 KB )
It is recommended to secure the installation of Microsoft security updates by means of the following measures:
- Prior to the installation of one or several security updates, the system must be secured with the data backup software Symantec Norton Ghost. If a problem arises, the backup can be used.
- The functioning of the security updates must be ensured via tests on the system-specific configurations. The tests performed at Siemens do not simulate the exact software environment on the system.
Suggestion for reducing the total duration
In order to reduce the process duration, we recommend that you check a test system (!) already after publishing the relevance of patches for SINUMERIK PCUs. If no problem occurs, you have to decide whether you can await completion of the tests performed at Siemens or whether to distribute the patches to the systems (depending on the potential threat). Please inform Siemens asap if a problem occurs.
The new Microsoft Security Patches can be installed on a test system (!) immediately after being published (irrespective of whether you know if they are really relevant for the SINUMERIK PCU). If a patch is relevant for the controller concerned, the installation process is completed successfully. If the patch is not relevant, the installation routine aborts the installation process and outputs an error message.
- The Security Patches tested have to be compared with the relevant Security Patches published by Siemens; final system roll-out.
For further information, please contact your local Siemens office.
As described in the notification 88819016, the extended Microsoft Windows XP support was discontinued as of April 8, 2014. The monthly check of the Microsoft Windows Security Patches for compatibility with PCU50, will be continued with Windows 7 based on Windows Server Update Services (WSUS).
A notification about the compatibility of the WIndows 7 Security Patches with our software will be carried out , only if necessary, via this web page.
Siemens has tested the Microsoft Security Patch for Windows XP (KB4012598) related to "WannaCry" in a shortened process ("Smoke-Test") regarding compatibility with standard SINUMERIK PCU 50 and with related products of CNC Shopfloor Management Software (this test does not cover the full scope of the test described above under "evaluation method"). The Smoke-Test has been succeeded without any issues.
Siemens has tested the Microsoft Security Patch for Windows XP SP3 (KB4500331) related to the "Windows Security vulnerability regarding remote code execution (Remote Desktop Service)" in a shortened process ("Smoke-Test") regarding compatibility with standard SINUMERIK PCU 50.5 and with related products of CNC Shopfloor Management Software (this test does not cover the full scope of the test described above under "evaluation method"). The Smoke-Test has been succeeded without any issues.
Remark: With PCU50 the english version of the Microsoft Patch must be installed.