17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems — OPC-UA — and applications that use that framework.
OPC-UA (Object Linking and Embedding for Process Control Unified Automation) is an updated, more-secure version of the OPC protocol, and allows the use of SOAP over HTTPS.
However, Kaspersky Lab ICS CERT released findings today that many implementations of OPC-UA had code design flaws that left them open to denial-of-service and remote code execution attacks. Vulnerabilities were found both in the OPC Foundation’s own applications as well as third-party applications that use the OPC-UA Stack.
All vulnerabilities were reported to developers, and were fixed as of March, according to Kaspersky Lab. See the full report here.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio