"Critical Vulns Discovered in Vendor Implementations of Key OT Protocol"

The Claroty Research Team's analysis of the Open Platform Communications (OPC) network protocol uncovered several security vulnerabilities and vendor implementation issues. This protocol is widely implemented in Operational Technology (OT) networks. The flaws discovered by Claroty impact products from three vendors whose products are integrated into other vendors' white-label products as a third-party component. The three vendors have patched the vulnerabilities. According to Claroty, the security issues expose organizations to Distributed Denial-of-Service attacks, remote code execution, the theft of sensitive data, and more. The vulnerabilities were found in Softing's Industrial Automation OPC library, Kepware PTC's ThingWorx Kepware Edge and KEPServerEX OPC servers, and the MatrikonOPC Tunneller. This article continues to discuss what the OPC protocol is designed to do, the flaws found in the vendor implementations of this protocol, and the growing interest in OT security. 

Dark Reading reports "Critical Vulns Discovered in Vendor Implementations of Key OT Protocol"