View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Kaspersky Lab Finds 17 Critical Vulnerabilities in Popular Industrial Protocol

Attackers could have taken over industrial controls

By CBR Staff Writer

The industrial protocol OPC UA is widely used by major vendors in modern industrial facilities, including in the manufacturing, oil and gas, pharmaceuticals and smart city sectors. This morning however, Kaspersky Lab announced that it had identified 17 zero-day vulnerabilities that could result crippling cyberattacks, including the ability to take over industrial processes.

The protocol – developed and released by the OPC Foundation in 2006 for secure data transmission between various systems on an industrial network – is installed by a growing number of industrial enterprises. It is used in automated process control, monitoring and telecontrol systems and the Industrial Internet of Things (IIoT).

Russian cyber attack could kills ‘thousands’ warns Defence Secretary

They examined its open-source code (available on GitHub), including a sample sever, and discovered that current implementations of the protocol had code design and writing errors.

“Very often software developers put too much trust in industrial protocols, and implement the technology in their solutions without putting the product code through security checks. Vulnerabilities in the example used can affect complete product lines, so it’s highly important that vendors pay close attention to such widely available technologies”, Kaspersky Lab’s Sergey Temnikov said in a release.

Several additional flaws were found in commercial products built on the protocol, Kaspersky Lab added, saying that it had reported vulnerabilities to the developers and they had been fixed by the end of March 2018. The Romania-headquartered cybersecurity company recommended users conduct regular audits and penetration tests to discover vulnerabilities and isolate software development processes.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester


The finding comes just weeks after Tripwire’s survey found a massive 70 percent of IT and OT specialists in the energy sector were concerned that a successful cyberattack “could cause a catastrophic failure, such as an explosion.”

Last year multiple security groups published findings on malware built specifically to attack industrial equipment.

 Stuxnet, uncovered in 2010 by Kaspersky Lab, caused substantial damage to Iran’s nuclear programme. Other such weapons have since followed fast.

Grid-hacking tool Industroyer, or Crash Override, was revealed by the security firmsESET and Dragos Inc in mid-2017 and is believed to have caused a blackout in Kiev at the end of 2016, following an attack on Ukrainian electric utility Ukrenergo.

Triton, discovered by the firm FireEye and Dragos meanwhile, was identified in late 2017and reported to be an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. (“It could prevent safety mechanisms from executing their intended function, resulting in a physical consequence”, FireEye said.)


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.