CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Free Tool Helps Industrial Organizations Find OPC UA Vulnerabilities

A new free tool named OpalOPC helps industrial organizations find OPC UA misconfigurations and vulnerabilities.

A free tool helps industrial organizations find OPC UA (Open Platform Communications United Architecture) misconfigurations and vulnerabilities that could expose them to cyberattacks.

OPC UA is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). While the protocol is highly useful, it can also pose a serious risk to organizations. 

The new tool, named OpalOPC, was developed by Finland-based cybersecurity and data privacy company Molemmat Oy.

OpalOPC, described as a vulnerability scanner for OPC UA applications, is recommended for developers, auditors, security testers and engineers, and system integrators. It provides a graphical user interface as well as a command-line interface. 

The tool, available for both Windows and Linux, is free for non-profit projects and organizations whose revenue does not exceed $1 million. 

Organizations with an annual revenue of more than $1 million are required to pay for the tool. A monthly license costs €239 ($255), while a yearly license costs €2,388 ($2,550), for a single installation. 

Its creator says the tool is still in early development — new checks and other features will be added in the future and there may be bugs that need to be fixed.

An OPC UA server that has been intentionally configured with insecure settings has been set up to enable users to test OpalOPC.

Advertisement. Scroll to continue reading.

Related: New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

Related: New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch 

Related: Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.