Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition

Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year.

Software development and security solutions provider JFrog has disclosed the details of several vulnerabilities affecting the OPC UA protocol, including flaws exploited by its employees at a hacking competition earlier this year.

OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS).

JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned a total of $400,000 for hacking ICS.

In the OPC UA server category at Pwn2Own, the maximum prize was $40,000, for bypassing a trusted application check, and participants could earn $20,000 for remote code execution flaws.

The JFrog researchers earned $5,000 for each of two denial-of-service (DoS) exploits targeting the OPC UA .NET Standard server, an open source server used by hundreds of other repositories on GitHub, and the Unified Automation OPC UA C++ demo server.

The two vulnerabilities presented at Pwn2Own can be used to crash the OPC UA server. DoS flaws can have a significant impact in the case of ICS as they can lead to the disruption of critical processes.

JFrog disclosed its findings in a blog post published last week.

In addition, JFrog researchers reported eight other vulnerabilities to Unified Automation. The issues were found in the Unified Automation C++-based OPC UA Server SDK and they were fixed with the release of version 1.7.7 of the SDK.

Advertisement. Scroll to continue reading.

Learn More About Vulnerabilities in Industrial Products at 

SecurityWeek’s ICS Cyber Security Conference

Two of these vulnerabilities can allow an attacker with elevated privileges to achieve remote code execution on the server. These security holes did not qualify for Pwn2Own due to time and stability constraints, but their details were disclosed last week in a separate blog post by JFrog.

The remote code execution exploits are not stable, but the researchers believe they can be improved.

The technical details disclosed by JFrog could be useful to other researchers who want to analyze the security of the OPC UA industrial stack.

Related: Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product

Related: Many Vulnerabilities Found in OPC UA Industrial Protocol

Related: ICS Vendors Assessing Impact of New OPC UA Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.