Unified Automation issued a security advisory warning that its OPC UA software developers kit (SDK) for Windows contains the OpenSSL cryptography library that is vulnerable to Heartbleed. Schneider Electric, another industrial control system (ICS) manufacturer, posted its own advisory with mitigation information for the same bug. The bug was disclosed on April 7; the vulnerability is a missing bounds check that exposes 64 KB of memory with each response. Replaying the attack can eventually leak credentials, and some researchers have managed to grab private encryption keys.
Source: https://threatpost.com/critical-infrastructure-companies-continue-to-patch-heartbleed/106125/