Security News > 2021 > May > ICS Vendors Assessing Impact of New OPC UA Vulnerabilities
Multiple companies that develop industrial systems are assessing the impact of two new OPC UA vulnerabilities on their products, and German automation technology firm Beckhoff is the first to release a security advisory.
.NET based OPC UA client/server SDK. The OPC Foundation released a patch in March.
Beckhoff, whose advisory was also published by Germany's , said the vulnerabilities can be exploited by an unauthenticated attacker to cause a denial of service condition or to obtain information by sending specially crafted OPC UA packets.
"For both kinds of attacks the attacker needs to use a specifically crafted OPC UA client when attacking an OPC UA server, respectively needs to use a specifically crafted OPC UA server when attacking an OPC UA client," Beckhoff explained.
Jacob said it's possible to exploit the vulnerabilities remotely from the internet "if the vulnerable OPC UA server is accessible through the internet, or a vulnerable client accesses a server controlled by an attacker through the internet."
"Theoretically, an attacker performing DoS to an OPC UA server may impact connectivity between control systems, which can result in loss of visibility and possibly loss of control on the process," Jacob explained.