Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
Dark Reading Staff
May 11, 2018
1 Min Read
Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems — OPC-UA — and applications that use that framework.
OPC-UA (Object Linking and Embedding for Process Control Unified Automation) is an updated, more-secure version of the OPC protocol, and allows the use of SOAP over HTTPS.
However, Kaspersky Lab ICS CERT released findings today that many implementations of OPC-UA had code design flaws that left them open to denial-of-service and remote code execution attacks. Vulnerabilities were found both in the OPC Foundation's own applications as well as third-party applications that use the OPC-UA Stack.
All vulnerabilities were reported to developers, and were fixed as of March, according to Kaspersky Lab. See the full report here.
About the Author(s)
You May Also Like
More Insights
Webinars
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023Everything You Need to Know About DNS Attacks
Nov 30, 2023
