Are the Connect ME PNP devices affected by heartbleed?

Are the Connect ME and Connect ME 4 with plug-and-play firmware affected by heartbleed. I have read, but am unsure of where these devices fit in.

Digi ARM Embedded Software Platforms (Various)
OpenSLL “Heartbleed” Vulnerability (CVE-2014-0160) Advisory
Digi Application Development Kit for Android
Windows Embedded Compact 6/7
Digi Embedded Linux Digi Embedded Yocto NET+OS
This product notice provides general advice to customers regarding the recently discovered “Heartbleed” vulnerability affecting OpenSSL versions 1.0.1 through 1.0.1f only. Other OpenSSL versions are not affected.
The table below summarizes the specific Digi embedded software development platform versions and their known exposure to the “Heartbleed” vulnerability as well as applicable mitigation options. Versions that are not listed below are not considered affected. Platform Status Affected Version Mitigation/Comments NET+OS
Not Affected
NET+OS implements OpenSSL v0.9.8g/plus #1276: TLS Extensions/RFC 3546 Patch (or earlier). Digi Embedded Linux
Hotfix available through Digi Package Manager. Digi Embeded Yocto
See Digi Technical Support Knowledgebase Article #3566 Windows Embedded Compact 6/7
Not Affected
SSL/TLS implementations of Windows Embedded Compact are not based on OpenSSL. Digi ADK for Android
Not Affected
All Android platform releases with the exception of 4.1.1 (JB) are not affected.
See official Google Online Security post below for reference:
Please refer to the official Digi “Heartbleed” Security Notice posted at for additional information, including resources to test existing devices and their software for possible exposure.
As a security best practices guideline, Digi still strongly advises all customers to test software builds for exposure to the “Heartbleed” vulnerability and take the appropriate mitigation steps as quickly as possible.

I’m not sure what OS or SSL implementation the Connect ME or Connect ME 4 with plug-and-play firmware uses. Does it implement a version of OpenSSL from v1.0.1 through v1.0.1f?

The operating system for Plug-and-play is called NDS, I’m not sure which version of OpenSSL is implemented on the NDS but if is not listed on this notice, then it should not be affected.

Here is the official statement. There is also a link on the bottom of the page that will have a link to tools for testing if you are concerned.

Connect ME4 running Plug and Play is not affected.