Industrial Firms Informed About Serious Vulnerabilities in Matrikon OPC Product
2021-01-25 14:09

Industrial organizations have been informed about the existence of several potentially serious vulnerabilities affecting an OPC UA product made by Honeywell subsidiary Matrikon.

As part of their analysis of OPC UA security, researchers at industrial cybersecurity firm Claroty discovered that Matrikon's OPC UA Tunneller product, which is designed for integrating OPC UA clients and servers with OPC Classic architecture, is affected by four critical and high-severity vulnerabilities that can be exploited to achieve remote code execution, launch DoS attacks, and obtain potentially valuable information.

The most serious of the flaws found by Claroty in Matrikon OPC UA Tunneller, based on its CVSS score of 9.8, is a heap buffer overflow bug that can allow an attacker to remotely execute arbitrary code or cause a DoS condition.

The company told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted OPC server or OPC tunneller, but authentication is not required.

As part of its research into OPC security, Claroty also identified vulnerabilities in products made by industrial automation solutions providers Kepware and Softing Industrial Automation.

"Also contributing to the expansive use of OPC is the fact that many vendors are already connecting parts of their networks that communicate using OPC to the cloud. This introduces industrial IoT devices into the equation, those that both receive and exchange device and process information," it added.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/hjUVTC4EbIc/industrial-firms-informed-about-serious-vulnerabilities-matrikon-opc-product