ICS Advisory (ICSA-14-269-01 (Supplement))

Bash Command Injection Vulnerability (Supplement)


Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.



This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-269-01 Bash Command Injection Vulnerability and all following updates that were originally published September 26, 2014, on the ICS-CERT web site and posted to the US-CERT secure Portal library. Please refer to the original advisory for all the details of the vulnerability. The purpose of this advisory supplement is to document which products are affected by this vulnerability and suggest how users of these products may mitigate the effects of this vulnerability. This document will be updated as needed.

ICS-CERT thanks the following companies for responding to our inquiry about which of their products were or were not affected:

ABB, Advantech, Alstom, Azeotech, Cogent, Digi, Ecava, eWON, Fox-It, Honeywell, Inductive Automation, Eaton, Elecsys, Festo, Garrettcom, Hirschmann, Innominate, JPCERT, Meinberg, Moxa, Nordex, Ocean Data Systems, Omnimetrix, OPCSystems, OSIsoft, Phoenix Contact, Post Oak Traffic, Progea, Red Lion, Rockwell Automation, Schneider Electric, SEL, Sielco Sistemi, Siemens, Sierra Wireless, SUBNET Solutions, Tofino Security, Tridium, Trihedral, Vista Control, Weidmuller, and Wind River.

ICS-CERT encourages any asset owners/operators, developers, or vendors to coordinate known implementations of the affected products directly with ICS-CERT.


ABB products:

  • Directly affected: ABB Tropos 3000, 4000, 6000, & 7000 series routers
  • Indirectly affected: Ventyx NM EMS/SCADA on RHEL, Ventyx.

Please see ABB’s public notification and mitigation strategies at:


Cisco products:

Please see Cisco’s advisory for the full list of affected products at:


Digi products:

  • Connectport LTS, Digi Passport, Digi CM.

Digi says that the vulnerability cannot be exploited remotely on these systems.

eWON products:

Please see eWON’s advisory for the full list of affected products at:


Meinberg products:

  • LANTIME V4.x, V5.x and V6.x

Please see Meinberg’s public notification and mitigation strategies at:


Moxa products:

  • All Linux-based computers except EM1220-LX, EM1240-LX, UC7110-LX, UC7112-LX.

Moxa is currently investigating a solution.

Red Lion products:

  • Sixnet BT-5000 and 6000 Series
  • RAM 9000, RAM 6000, SN 6000 and M, A and R Series

These products use the bash shell but are not considered to be vulnerable or exploitable.

Siemens products:

  • ROX 1: All versions <= V1.16.0
  • ROX 2: All versions <= V2.5.0
  • APE Linux V1.0 with ELAN installed

Please refer to SSA-86096 for more details at Siemens’ web site:


Contact Information

For any questions related to this report, please contact CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
