17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems — OPC-UA — and applications that use that framework.
OPC-UA (Object Linking and Embedding for Process Control Unified Automation) is an updated, more-secure version of the OPC protocol, and allows the use of SOAP over HTTPS.
However, Kaspersky Lab ICS CERT released findings today showing that many implementations of OPC-UA had code design flaws that left them open to denial-of-service and remote code execution attacks. Vulnerabilities were found both in the OPC Foundation's own applications and in third-party applications that use the OPC-UA Stack.
All vulnerabilities were reported to developers, and were fixed as of March, according to Kaspersky Lab. See the full report here.