On Thursday, September 25, 2014 US-CERT published an alert, TA14-268A, regarding a critical vulnerability in the GNU Bourne-Again Shell (Bash), the common command-line shell used in many Linux/UNIX operating systems and Apple’s Mac OS X.
After a thorough review of Honeywell products, we want to reassure our customers that no versions of NiagaraAX Framework software or any other Honeywell products are affected by the Shellshock bug.
The NiagaraAX Framework utilizes QNX, a UNIX-like operating system, and does not contain the GNU Bourne-Again Shell (Bash). As a result, no patch or update to NiagaraAX Framework software is necessary. Customers using Linux should update their Linux distribution.
Cyber security of our products is a top priority at Honeywell. As soon as we learned of the alert, we evaluated our portfolio and wanted to notify customers as quickly as possible of the results of that evaluation. More information about the Shellshock bug can be found at http://www.kb.cert.org/vuls/id/252743.