Security Vulnerability Corrected in version 08.0.00

Regarding the Java vulnerability CVE-2018-2942, for Java SE: 7u181, 8u172; in the Windows DLL subcomponent: A remote user can exploit a flaw in the Java SE Windows DLL subcomponent to gain elevated privileges. The vulnerability has been corrected in this release.

Issues fixed in version 08.0.00

• You can find the problems, workarounds and fixes related to this release in the issue list.

Changes in version 08.0.00

• The ActiveX software for SCADA applications is no longer offered as a part of the Industrial HiVision software starting with version 08.0.00.

New features in version 08.0.00

• New features:
  • Advanced EtherNet/IP Support (for Ping devices, PCs and unknown switches)
    Values are requested via EtherNet/IP and displayed as properties in the EtherNet/IP container in the device node.
  • Duplicate manually created or scanned device
    The "Paste as new Network" function is useful for identical networks, where the devices and connections are the same, but the IP addresses are different.
  • Scheduler for saving the IHP file (Project Database)
    Using the Scheduler you can now schedule a backup of the database.
  • Firmware Agent extension
    The Device Agent in the menu tree contains a new folder named "Other Firmware Info". This folder can also be found in the Map and List tabs, and contains the following information: "Back up Firmware", "Boot Code Firmware" and "Stored Firmware".
  • SFP Columns in the Port and Connection Tabs
    New columns were added to the Ports and Connection tabs to display the SFP power.
  • Configurable Services Access ports
    Users can now specify a different value that Industrial HiVision uses to connect to the "Project data server" and "OPC Server" ports. Unmark the new "Use Default Values" checkbox to specify new values. The "Service Access" dialog allows you to change the udp/tcp ports used for various services.
  • Dashboard Re-ordering
    When you have more than one slide, the dashboard lets you change the order of the slides.
  • Start and Stop a network scan using the Scan button
    The Scan Network button now has a toggle function. If you started a scan on a large network and you want to stop the scan, then click the Scan Network button again.
  • Discontinuation of ActiveX support
    As of this version the ActiveX function is no longer supported.
  • 32 Bit Operating System
    As of this version the 32 Bit Operating System is no longer supported.
  • Support for Window Server 2016
    Starting with this version and until further notice Industrial HiVision can be installed on Window Servers with a 2016 operation system.
  • User management LDAP over SSL / TLS
    Industrial HiVision allows you to select between a secure or unsecure connection when logging into a Industrial HiVision client were the authorization is completed using an LDAP server.
  • Icon for Management Station
    The icon of the device representing the Management Station in the Map tab now changes according to its status. The system displays two different icons depending whether it is a local kernel or a remote kernel.
  • HiOS 7.0 Start of Webif with credentials
    When launching the web interface of an HiOS 7+ device from Industrial HiVision, stored credentials will be used to perform an auto-login, so that the user does not have to login manually.
  • Zoom Support for Mouse Wheel
    Zoom support for mouse wheel has been implemented. Users can now use CTRL + scroll mouse wheel to change the zoom factor in Map tab or zoom panel.
  • Add Web/CLI/GUI to Context Menu in Properties Tab
    Users can now open the graphical user interface of a selected device directly in the "Properties" tab. The context menu contains three new options: "Web Interface", "Device Configuration" and "CLI".
  • Notification: Certificate for Push Notification expires in ...
    The "Event History" dialog now displays an event to inform users when a higher version of Industrial HiVision is available. The new system-generated event is displayed every Monday, starting 365 days after the release of the installed version.
  • Start Executable with Arguments
    Users can now run an executable with arguments through an event action. The "New Action Entry" dialog has been enhanced with a new "Parameters" text field and a new drop-down list.
  • Forward all events to the syslog server
    The event forwarding functionality has been enhanced to help users perform event forwarding to a Syslog server for multiple devices at once.
• New devices:
  • Dragon MACH 4000 and 4500
  • Bobcat Rail Switch (BRS)
  • BAT-C2
  • IS30
• MultiConfig™ dialogs added:
  • Device Security - LDAP - Configuration (HiOS, HiSecOS)
  • Device Security - LDAP - Configuration Table (HiOS, HiSecOS)
  • Device Security - LDAP - Role Mapping Global (HiOS, HiSecOS)
  • Device Security - LDAP - Role Mapping (HiOS, HiSecOS)
  • Network Security - Port Security Global (HiOS)
  • Switching - MRP-IEEE - MMRP Configuration (HiOS)
  • Switching - QoS/Priority - DiffServ - Global (HiOS)
  • Switching - TSN - Configuration (HiOS)
  • Switching - TSN - Gate Control List - Configured (HiOS)
  • Switching - TSN - Gate Control List - Current (HiOS)
  • Routing - L3 Relay - Global (HiSecOS)
  • Routing - L3 Relay - Table (HiSecOS)
  • Redundancy - MSTP (Classic Software, HiOS)
  • Diagnostics - Status Configuration - Trap Global (HiOS)
  • Diagnostics - Status Configuration - Trap Selection (Eagle20)
  • Advanced - DHCP Relay Agent (HiSecOS)
  • Advanced - DNS Client - Static (HiOS)
  • Advanced - DNS Client - Static Table (HiOS)
  • Advanced - DNS Client - Static Hosts (HiOS)
  • Advanced - DNS Cache - Global (HiSecOS)
  • Advanced - DynDNS (Eagle20)
  • Advanced - Industrial Protocols - Modbus TCP (HiOS)
  • Advanced - Industrial Protocols - Ethernet/IP (HiOS)
  • Advanced - Industrial Protocols - Profinet IO (HiOS)
  • Advanced - Digital IO Module - IO Input (Classic Software, HiOS)
  • Advanced - Digital IO Module - IO Output (Classic Software, HiOS)
  • Port Dialog: Port - DHCP Snooping (HiOS)
  • Port Dialog: Port - LLDP Configuration (HiOS)
• MultiConfig™ dialogs modified:
  • Basic Settings - Load/Save: Save To Device in separate dialog (Classic Software, HiOS, HiSecOS)
  • Redundancy - Rapid Spanning Tree (Classic Software, HiOS)
  • Redundancy - PRP (HiOS)
  • Advanced - Industrial Protocols - IEC61850 (Classic Software)
  • Port Dialog: Port - Rapid Spanning Tree (HiOS)
  • Security Status - SSH V1 column (Classic Software, HiOS)
  • Connections - SFP Power RX dBm A column (HiOS)
  • Connections - SFP Power TX dBm A column (HiOS)
  • Connections - SFP Power RX dBm B column (HiOS)
  • Connections - SFP Power TX dBm B column (HiOS)

Device Specific Information

• Dragon PTN:
  
  • The Dragon PTN sends SNMP V3 Traps. They are not encrypted.
  • The Windows Trap Service cannot handle SNMP V3 Traps. The Windows Trap Service has to be deactivated so that Industrial HiVision receives the traps.
• RSP, MSP, Eagle30:
  MultiConfig™: Security - User Management - Users:
  After changes to the access parameters of the device it might be necessary to change the SNMP configuration within the program:
  MultiConfig™: Program Settings - SNMP Configuration
• BAT 54 Rail:
  • Supported firmware versions:
    • 7.xx (before 7.52): autotopology per WLAN (not per LLDP)
    • 7.52, 7.60, 8.0:  autotopology per WLAN and LLDP
  • Before you scan a network which is located behind a BAT you should
    • optimize the SNMP Guess List by removing unnecessary entries  (Preferences - SNMP Configuration) or
    • set the SNMP Configuration manually
  • Signal to Noise Ratio: the value 63 means 63dB or more
    
  • The SNTP/NTP status will be displayed as "Warning" regardless of the actual server configuration
    
• BAT devices:
  • The BAT family of devices supports IP address configuration through HiDiscovery only. Please make sure that your management station is in the same subnet as the device before opening the "IP Configuration" dialog.
  • SNMP guessing: Write access to BAT devices will be locked after five incorrect guesses.
  • BAT devices configure the Management Access settings different from those defined in "Restricted management Access". Therefore, "Restricted Management Access" of BAT devices now display the "Unsecurable" value.
• BAT C (Firmware version 2.3.3):
  • The name cannot be set on the device
  • After setting the IP parameters the device has to be rebooted
  • Port Speed is always displayed as 0
• MIKE:
  It is possible that Industrial HiVision fails to guess the SNMP passwords of the MIKE. In that case these devices are displayed as ping devices. To correct this:
  • Delete these devices completely.
  • Add the SNMP-Configuration for these devices manually.
  • Restart the detection of these devices.
• MACH 3000:
  Topology discovery with link aggregation:
  If you use link aggregation with the MACH 3000, then only one connection between the two devices will be discovered because of missing LLDP information in the MACH 3000.
  Workaround: Insert the second connection manually.
• MACH 4000, OpenRail, PowerMICE, Octopus:
  Polling of Out Load and Interface counters:
  The polling interval should not be set to less than 30 seconds because that is the frequency at which the Agents update these values.
• EAGLEmGuard/RR-EPL/EAGLE20:
  • If you
    - use Industrial HiVision in a layer 3 network and
    - the layer 3 network is decoupled with an EAGLEmGuard/RR-EPL/EAGLE20 which is configured as default gateway,
      then increase the "Maximum number of incoming 'ping' frames (ICMP Echo Request) per second" in the Firewall dialog: Extended Settings of the EAGLEmGuard/RR-EPL/EAGLE20.
  • Industrial HiVision discovers devices in the network with ping requests. With the default value of 3 pings per second the EAGLEmGuard/RR-EPL/EAGLE20 blocks all ping requests exceeding the configured value. As a result Industrial HiVision does not get an answer from some devices and cannot discover them.
  • If the network is not discovered completely by the Auto-Topology the value of the "Maximum number of incoming 'ping' frames (ICMP Echo Request) per second" should be increased or the feature should be disabled.
    
• PowerLION-24TP:
  In a stacked configuration, only the data of the master will be present in Industrial HiVision.
  If a switch is removed from a stack and operated as a single device, it will remember its stack id and the IP address of the master. This may lead to network problems and unexpected results in Industrial HiVision. Therefore, it is recommended to configure a new IP address and to reset its id in the web interface under Home/System/Renumbering.
• Eagle20:
  MultiConfig™ Load/Save and Save Support Info requires firmware 4.4.00 or higher
• MACH, MS, RS, Octopus, RSR:
  Autotopology: the topology cannot be detected correctly, if there are devices with identical system names.
  Remedy: update to a newer firmware version or specify unique system names on the devices.
  Fixed with firmware 4.2.10 (or newer) and 5.0.07 (or newer).
  
• MACH, MS, RS, Octopus, RSR:
  In some cases, the out load of a port is determined as 100% (sometimes over a longer time period). This can be fixed with firmware 5.0.07 or newer.
• Meinberg:
  Configuring values with SNMP results in the device savin the config file. It takes quite a while until the SNMP request is answered completely.
  
  • Therefore the SNMP write password cannot be guessed. Please configure it under Preferences - SNMP Configuration.
  • Industrial HiVision times out while setting values, but in most cases the configuration completes successfully. You can avoid the timeout if you configure the timeout value as 10s.
• Unknown SNMP devices:
  For devices that support the ifXTable: port numbers started with 1. This has changed: the value of the variable ifName is now the instance of the port. Therefore their connections cannot be found. To correct this please restart the auto topology.
  
• New enable/disable FLM via MultiConfig™ function, added for Eagle One and Eagle 20.
  Use MultiConfig™ on a device selected in Folder Frame or in the 'Devices' tab, in Detail Display, to access the FLM enabling/disabling function.
  
• 6k & 10k, MAX, Multilin The device MIB has changed for agent actions, e.g. firmware updates. Due to this change Industrial HiVision returns an error for devices with a firmware version earlier than 15.01.
  

Miscellaneous

• Under unfavorable conditions (e.g. high net and/or system load) the GUI cannot connect to the service. Remedy: Restart of the GUI.
• Importing files from prerelease versions is not possible.
• Restoring the default font size may require a manual restart of the GUI.
• If the program does not react any more: end the GUI with the task manager (HiVision.exe) and restart it. If the problem persists: restart the Industrial HiVision service.
• If you have problems connecting to the Industrial HiVision Web server: delete the browser cache.
• Redundant Network Management System:
  You can find information on how to install Industrial HiVision on a redundant system at www.hivision.de.
  Please consider the system requirements for this installation.
• If you turn back the system clock the GUI may freeze. If this happens, then restart the GUI.
• Connection with Subdomains:
  Version 5.0 under 'Previous version' means 05.0.01 or later. It is not possible to connect with version 05.0.00
• If you want to use the GUI in a Browser, then deactivate the Java Cache:
  System Panel -> Java: General -> Settings: unmark the 'Keep temporary files' checkbox.
• OPC UA/DA installation:
  Later installation of another OPC server variant is not possible with a self extracting bundle. There is no maintenance dialog to install or de-install separate components for a self extracting bundle.
• Project import from 5.X releases or older:
  In rare cases, redundant connections may be displayed as forwarding (solid lines instead of dashed lines) after the project import.
  Remedy: Restart the service.
  
• Scanning IP ranges of the network has been improved and simplified. The description in the manual (References/8.4 Basics) does not yet cover the new options.
  
• The OPC UA server of Industrial HiVision was tested with UaExpert by Unified Automation and the OPC UA Client by Prosys.
• To update the display language of the Event History Timeline, restart the application after you change the display language of the GUI.
• When you select objects for example, devices, ports, or connections, to configure with MultiConfig™, it is recommended that you only select objects with the following matching characteristics, Device Class, Product, Chassis, Firmware version. The reason for matching the characteristics is that MultiConfig™ only displays the common supported dialogs. Displaying only common dialogs leads to a smaller number of dialogs. A smaller number of dialogs leads to fewer number of functions available for the selected objects.
  Note: With different software versions on the devices, MultiConfig™ can display dialogs which are available for the selected objects. In this case, you can configure the functions in the dialogs. However, when you configure functions on devices with different software, this can result in warning and error messages depending on the object you are configuring.
• Enabling both "Determine" and "Forward Status Up" in the dialog "MultiConfig™ -> Program settings -> Container Properties" can display a warning. In this case, click the "Write" button again to complete the configuration.
• In some cases, the dialog "MultiConfig™ -> Switching -> Advanced" can display a value different from the actual value on the device for the field "Frame Size". Specifing the value works as expected.
• Devices which were discovered as members of the device class "Switch" are not officially supported by Industrial HiVision. Industrial HiVision has no information about the actual structure and configuration of these devices. For these devices Industrial HiVision probes a set of standard MIBs and interprets the data to the best of its ability. There is no guarantee that these devices will work correctly in Industrial HiVision.

Additions to the manual

• Support for Window Server 2016
  Starting with this version and until further notice Industrial HiVision can be installed on Window Servers with a 2016 operation system.
• User management LDAP over SSL / TLS
  The Use Secure Connection checkbox in the Preferences> Basic> User Management> LDAP Server Configuration dialog, allows you to select between a secure or unsecure connection when logging into a Industrial HiVision client were the authorization is completed using an LDAP server. When the checkbox is unmarked, the client authenticates by sending the passwords as clear text and without verifying the identity of the server. When you mark the checkbox the client authenticates using a secure SSL connection to the server and the passwords are sent encrypted. The identity of the server will be accepted in the background, and the event log displays the certificate and other information of the LDAP server.
• Disable polling button in the Monitor dialog
  There is a new button in the Monitor dialog, Disable Polling. If you click on the button, then you stop the current polling.
  Note: The function deletes the list in the window. Save the polling list before you click on the button.
• Forward all events to the syslog server
  The event forwarding functionality has been enhanced to help users perform event forwarding to a Syslog server for multiple devices at once. The new "Forward events of all devices" checkbox and "Event type" combo-box in the ""Preferences> Event Forwarding" dialog, allows users to filter the events sent to the Syslog server based on their type and severity.
• Icon for Management Station
  The icon of the device representing the Management Station in the Map tab now changes according to its status. The system displays two different icons depending whether it is a local kernel or a remote kernel. Users have the option to disable this functionality with the new "Do not Change Management Station Icon" checkbox found in the "Preferences> Management Station" dialog. Note that users should restart the device after enabling or disabling the functionality in order for the changes to be visible.
• HiOS 7.0 Start of Webif with credentials
  The existing context menu entry "Open Web Interface" will be used, but additional steps will be performed in the background before launching the browser. When launching the web interface of an HiOS 7+ device from Industrial HiVision, the stored credentials will be used to perform an auto-login, so that the user does not have to login manually.
• Zoom Support for Mouse Wheel
  Zoom support for mouse wheel has been implemented. Users can now use CTRL + scroll mouse wheel to change the zoom factor in Map tab or zoom panel.
• Add Web/CLI/GUI to Context Menu in Properties Tab
  Users can now open the graphical user interface of a selected device directly in the "Properties" tab. The context menu contains three new options: "Web Interface", "Device Configuration" and "CLI".
• Notification: Certificate for Push Notification expires in ...
  The "Event History" dialog now displays an event to inform users when a higher version of Industrial HiVision is available. The new system-generated event is displayed every Monday, starting 365 days after the release of the installed version.
• Start Executable with Arguments
  Users can now run an executable with arguments through an event action. The "User defined Actions> New Action Entry" dialog has been enhanced with a new "Parameters" text field and a new drop-down list. It is recommended that users verify that the specified parameters comply with the command line syntax prior to choosing the executable option. Note that the Alarm message is appended to the executable as a parameter.