The serious programming error, become known last week, endangers all Internet connections that are secured with OpenSSL.
None of the ADS-TEC products are affected.
The latest information indicates that the bug has been exploited for some time.
The ADS-TEC Industrial IT products of the IRF2000, IF1000, IWL3000, RAP1000 series as well as Big-LinX® use OpenSSL, in particular to secure VPN or WLAN connections.
Investigations of the Heartbleed bug, immediately initiated by ads-tec, have shown that none of the ADS-TEC products use a vulnerable version of OpenSSL.
For Big-LinX®, in particular, we would, however like to emphasise another important point. Even if a vulnerable version of OpenSSL had been used, the consequences would have been manageable. The reason is that Big-LinX® VPN connections are smart-card based. The private key that uniquely identifies a VPN client never leaves the memory of the smart card. Thus, it could not have been read out via the Heartbleed hole. The Big-LinX® smart cards would not have been compromised.
Even though ADS-TEC customers can now sleep peacefully in this case, security problems must always be reckoned with.