Security Experts:

Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition

Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year.

OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS).

JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned a total of $400,000 for hacking ICS.

In the OPC UA server category at Pwn2Own, the maximum prize was $40,000, for bypassing a trusted application check, and participants could earn $20,000 for remote code execution flaws.

The JFrog researchers earned $5,000 for each of two denial-of-service (DoS) exploits targeting the OPC UA .NET Standard server, an open source server used by hundreds of other repositories on GitHub, and the Unified Automation OPC UA C++ demo server.

The two vulnerabilities presented at Pwn2Own can be used to crash the OPC UA server. DoS flaws can have a significant impact in the case of ICS as they can lead to the disruption of critical processes.

JFrog disclosed its findings in a blog post published last week.

In addition, JFrog researchers reported eight other vulnerabilities to Unified Automation. The issues were found in the Unified Automation C++-based OPC UA Server SDK and they were fixed with the release of version 1.7.7 of the SDK.

Learn More About Vulnerabilities in Industrial Products at 

SecurityWeek’s ICS Cyber Security Conference

Two of these vulnerabilities can allow an attacker with elevated privileges to achieve remote code execution on the server. These security holes did not qualify for Pwn2Own due to time and stability constraints, but their details were disclosed last week in a separate blog post by JFrog.

The remote code execution exploits are not stable, but the researchers believe they can be improved.

The technical details disclosed by JFrog could be useful to other researchers who want to analyze the security of the OPC UA industrial stack.

Related: Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product

Related: Many Vulnerabilities Found in OPC UA Industrial Protocol

Related: ICS Vendors Assessing Impact of New OPC UA Vulnerabilities

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.