For example, Softing’s OPC library is being used as a third-party OPC protocol stack by some vendors, and the KEPServerEX OPC Server is being used as an OEM shelf solution by other well-known vendors, including Rockwell Automation and GE, both of which have published advisories informing their users of these security issues. These three products are integrated into many other vendors’ offerings as a third-party component. The following sections provide some details on vulnerabilities uncovered by The Claroty Research Team in Softing’s Industrial Automation OPC library, Kepware PTC’s ThingWorx Kepware Edge and KEPServerEX OPC servers, and Matrikon’s Matrikon OPC Tunneller. Here are the ICS-CERT advisories for each of the affected vendors:
#Kepserverex icon update
Update and mitigation information is also available in the advisories. The Industrial Control System Cyber Emergency Response Team (ICS-CERT) has also published advisories, warning users of the affected products about the risks. Users of affected products are urged to determine whether they are vulnerable and update immediately to the latest versions. Three vendors-Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell-have provided fixes for their respective products.
#Kepserverex icon code
Organizations that use these vendors’ products built on OPC are exposed to attacks that could result in denial-of-service conditions on devices, remote code execution, and information leaks of sensitive device data. Throughout 2020, Claroty privately disclosed critical flaws in several vendor implementations of the OPC protocol. In the coming weeks, we will publish an in-depth report about OPC and its various flavors, but for today, we want to share some details about a number of vulnerabilities that emerged from our intensive investigation of the protocol. The Claroty Research Team decided that due to its popularity as an embedded protocol operating in devices across the ICS domain, OPC was worthy of analysis for security vulnerabilities and implementation issues. Having standardized communication protocols such as OPC and its specifications (OPC DA, AE, HDA, XML DA, DX, and OPC UA) guarantees that management and oversight of devices and processes can happen from a centralized server. The Open Platform Communications (OPC) network protocol is the middleman of operational technology (OT) networks, ensuring operability between industrial control systems (ICS) and proprietary devices, such as programmable logic controllers (PLCs) responsible for the correct operation of field devices.
0 kommentar(er)
