Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 1 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Kaspersky Lab discover critical vulnerabilities in a popular industrial protocol, affecting products from multiple vendors

by The Gurus
May 10, 2018
in Editor's News
Share on FacebookShare on Twitter

Kaspersky Lab ICS CERT has analyzed the OPC UA (Object Linking and Embedding for Process Control Unified Automation) protocol, which is designed for secure data transfer between servers and clients in industrial systems, including critical infrastructure. Analysis discovered 17 zero-day vulnerabilities in the protocol’s implementation, leading to denial-of-service threat attacks, as well as remote code execution. In addition, several flaws were found in commercial products built on the protocol. All vulnerabilities were reported to the developers and were fixed by the end of March 2018. 

OPC UA is an industrial protocol, which was developed and released by the OPC Foundation in 2006 for reliable and secure data transmission between various systems on an industrial network. This protocol is widely used by major vendors in modern industrial facilities, in the manufacturing, oil and gas, pharmaceuticals industries and others. Its gateways are installed by a growing number of industrial enterprises, for communication in automated process control and telemetry, and monitoring and telecontrol systems, allowing these enterprises to unify their management processes. The protocol is also used in IIoT and smart city components, which are increasingly attracting hacker attention.

Kaspersky Lab ICS CERT experts analyzed OPC UA architecture and its products. They examined its open-source code (available on GitHub), including a sample sever, and discovered that current implementations of the protocol had code design and writing errors. These errors should not exist in such widespread critical infrastructure software. Overall, 17 zero-day vulnerabilities in the OPC Foundation’s products were identified and reported to the developers, who fixed them accordingly.

In addition, Kaspersky Lab ICS CERT analyzed third-party software based on this industrial protocol, including solutions by leading industry vendors. In most cases, they discovered flaws were caused by the developers not using some of the protocol implementation functions properly. In other cases, vulnerabilities were the result of incorrect modifications applied to the protocol’s infrastructure. Thus, experts discovered the insecure implementation of functions in a commercial product, despite the fact that the original OPC Foundation implementation did not include errors. As a result, such modifications in the protocol’s logic, made by vendors for unknown reasons, was leading to risky functionality.

All the vulnerabilities found in the OPC UA protocol implementations could result in heavy damage to industry. On the one hand there was the risk of denial-of-service (DoS) issues, which could pose serious threats to industrial systems by disrupting or shutting down industrial processes. On the other hand, remote code execution was made possible, allowing attackers to send any kind of server commands to control industrial processes, or continue their intrusion into the network.

“Very often software developers put too much trust in industrial protocols, and implement the technology in their solutions without putting the product code through security checks. Thus, vulnerabilities in the example used can affect complete product lines, so it’s highly important that vendors pay close attention to such widely available technologies. Moreover, they should not be deceived by the idea that they can design their own piece of software. Many think this could be more efficient and secure than existing software, but even a brand new piece of software may still contain numerous vulnerabilities.” said Sergey Temnikov, Senior security researcher at Kaspersky lab ICS CERT.

Kaspersky Lab recommends organizations:

  • pay close attention to security checks and testing as a necessary step during the application development process, and do not fully rely on protocols.
  • conduct audits and pen testing to discover vulnerabilities.
  • isolate software development processes, therefore if an application is hacked, attackers won’t be able to get access to the network.

Read more about OPC UA security analysis on the Kaspersky Lab ICS CERT website.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Catching the Blind Spots of Vendor Risk Management

Next Post

16,500 Student Loan Borrowers’ Information Exposed in Data Leak

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information