Security information

IndraWorks - Installation problem


Important product information for IndraWorks


Microsoft has released important security updates (ThreatCon 6) for the Windows 10 (KB4522015) and Windows 7 (KB4522007) operating systems.

Installing these security updates caused an IndraWorks installation to terminate prematurely.


Reason: Security updates published by Microsoft lead to incorrect IndraWorks installations:

  • Windows 10: KB4522015
  • Windows 7: KB4522007, KB452415


Solution: Replace the above Microsoft security updates with newer versions:

  • Windows 10: KB4519338
  • Windows 7: KB4519976


Embedded Controls


Important Product Information for embedded Controls

For the VxWorks operating systems used in embedded controls by Bosch Rexroth, information about several critical vulnerabilities in the network protocol stack was published on July 29, 2019. [1],[2]

The following devices are affected by the vulnerabilities:

- Embedded controls CML75 with an MLC/XLC firmware version < 14V22 Patch 4,

- Embedded controls XM21, XM22, XM42 with an MLC firmware version < 14V22 Patch 4,

- Industrial PC VPB40.4 with a firmware version < 14V22 Patch 4,

- Embedded controls CML75, CML85 with an MTX firmware version (all versions)



IndraWorks Operation (WinStudio)


Important Product Information for Bosch Rexroth IndraWorks Operation (WinStudio)

IndraWorks, the Bosch Rexroth engineering and operating software, provides WinStudio to develop visualization applications. WinStudio contains the InduSoft Web Studio technology. On February 4, 2019, AVEVA Software, LLC. ("AVEVA"), the InduSoft Web Studio manufacturer, published a security bulletin [1] containing information about a critical security vulnerability in Web Studio.

This vulnerability also affects:

- all projects created with WinStudio versions prior to 7.4 SP1.

- all projects created with IndraWorks versions prior to 15V02.


Security Manual

IndraWorks Operation (WinStudio)


Important product information for Bosch Rexroth IndraWorks Operation (WinStudio)

The Bosch Rexroth engineering and operating software IndraWorks provides WinStudio for the development of visualization applications. WinStudio includes technology from InduSoft Web Studio. On 10/31/2018, AVEVA Software, LLC. (“AVEVA”), the vendor of InduSoft Web Studio, published a security bulletin [2] with information about a critical security vulnerability in Web Studio.



Meltdown / Spectre


General Information on Meltdown / Spectre

Meltdown and Spectre can be used to steal sensitive information. Basic measures to protect against malware are described in the DC Security-guideline. According to the current state of knowledge, embedded systems such as the CML75 are at higher risk only if the device is additionally infected with malicious code.



Important product information for Bosch Rexroth IndraWorks Engineering

The Windows security patches for Meltdown and Spectre seriously impair the usability and functionality of the Bosch Rexroth engineering and operating software IndraWorks.

They prevent internal service programs and dialogs from starting and block communication with controls and drives. The cause is an error on Microsoft's part. Microsoft is working on a solution. We require that these patches not be installed on devices that use IndraWorks. Installation of the patches through automatic updates must be prevented in cooperation with the responsible IT specialists. Instead, wait until a corrected patch from Microsoft is available.



Updated product information for Bosch Rexroth IndraWorks Engineering and IndraWorks Operation

This malfunction affects only the Windows 8 and Windows 10 operating systems. Windows 7 is not affected, contrary to what we originally published.




How Rexroth HMI products are at risk from WannaCry ransomware

Industrial PC and embedded PC devices running Windows XP, Windows 7 or Windows 10 with an operating system version older than March 2017 are susceptible to remote code execution via SMB.

Currently, “WannaCry” ransomware exploits this weakness to distribute malware and to encrypt data on affected systems.
