The OPC Foundation reviews the Kaspersky Labs report. identifies security improvements

  The OPC Foundation reviews the Kaspersky Labs report; identifies security improvements

21. May 2018 – Kaspersky Labs' report published on May 10, 2018 has garnered much attention for its claim to identify 17 security issues in some OPC UA implementations. The OPC Foundation has continued to support and ensure that the OPC UA standard offers the highest level of security and has reviewed the claims made in the Kaspersky report and found that

  1. eight issues were assigned to an ANSI C sample server application from OPC Foundation provided in GitHub with the ANSI C batch code. These issues did not affect the ANSI C stack itself or products based on commercial SDKs. Nevertheless, all problems have been resolved.
  2. Six issues have been linked to the server enumerator (LDS) of the OPC Foundation. These were set in 2017 and a CVE published. These issues could not be exploited remotely.
  3. Three issues concerned some products in the field. specifically:

    1. A problem related to a product from a vendor that published a CVE in 2016
    2. The second issue relates to a vendor's product that is working on a fix and will report it to the US ICS CERT soon
    3. The third problem involved a legacy .NET stack that was immediately fixed by the OPC Foundation in 2017. OPC users were made aware of this issue through a CVE in 2017.

Kaspersky Labs report may have reported the safety of the OPC UA standard, emphasizes the OPC Foundation:

  • The OPC UA software ecosystem consists of several commercial OPC UA SDK / Toolkit vendors that have been tested and tested to offer documented products. 19659011] The vast majority of OPC UA products are based on these commercial OPC UA SDK / Toolkits and are unaffected by the issues with the GITHub published ANSI C sample server application.
  • The OPC Foundation cooperates cooperatively with vendors testing the opening source code base of external security organizations and integrates them into GitHub.
More Products  Rockwell Automation Announces Preventative Maintenance Offer as a Service

The global adoption of OPC UA reflects the market's need for secure, open data connectivity and interoperability in manufacturing and beyond. This means that the OPC UA standard and its various open source implementations in the large and active OPC UA community are continually being critically scrutinized by many.

The OPC Foundation is committed to handling any issues encountered by OPC providers to ensure that software is patched and to inform OPC users about the issues and fixes. The OPC Foundation will continue to provide its users with the foundation they expect from an industrial interoperability standard.

About the OPC Foundation

Since 1996, the OPC Foundation has enabled the development and introduction of OPC standards for information exchange. As the supporter and custodian of these specifications, the Foundation's mission is to facilitate the interoperability of their manufacturing and automation resources for industry, end-users and software developers.



 The OPC Foundation reviews the Kaspersky Labs report. identifies security improvements

Leave a Reply