Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems — OPC-UA — and applications that use that framework.
OPC-UA (Object Linking and Embedding for Process Control Unified Automation) is an updated, more-secure version of the OPC protocol, and allows the use of SOAP over HTTPS.
However, Kaspersky Lab ICS CERT released findings today that many implementations of OPC-UA had code design flaws that left them open to denial-of-service and remote code execution attacks. Vulnerabilities were found both in the OPC Foundation's own applications as well as third-party applications that use the OPC-UA Stack.
All vulnerabilities were reported to developers, and were fixed as of March, according to Kaspersky Lab. See the full report here.
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024