Claroty finds critical flaws in OPC protocol implementations
Because Open Platform Communications (OPC) is popular as an embedded protocol operating in devices across the industrial control systems (ICS) domain, the Claroty Research Team decided to analyze it for security vulnerabilities and implementation issues. In a blog post, the team shared some details about a number of vulnerabilities that emerged from its intensive investigation of the protocol.
The OPC network protocol is the middleman of operational technology (OT) networks, ensuring operability between industrial control systems (ICS) and proprietary devices, such as programmable logic controllers (PLCs) responsible for the correct operation of field devices. Having standardized communication protocols such as OPC and its specifications (OPC DA, AE, HDA, XML DA, DX, and OPC UA) guarantees that management and oversight of devices and processes can happen from a centralized server, says researcher Uri Katz.