17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations

  /     /     /  
Publicated : 22/11/2024   Category : security


17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations


Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.



Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems — OPC-UA — and applications that use that framework.
OPC-UA (Object Linking and Embedding for Process Control Unified Automation) is an updated, more-secure version of the OPC protocol, and allows the use of SOAP over HTTPS.
However, Kaspersky Lab ICS CERT 
released findings today
 that many implementations of OPC-UA had code design flaws that left them open to denial-of-service and remote code execution attacks. Vulnerabilities were found both in the OPC Foundations own applications as well as third-party applications that use the OPC-UA Stack.
All vulnerabilities were reported to developers, and were fixed as of March, according to Kaspersky Lab. See the full report
here
.
 

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations