At least nine vulnerabilities in the approach three leading IoT vendors used to implement the open platform communication (OPC) network protocol created conditions that could potentially expose product users to denial-of-service (DoS) attacks, remote code execution, and sensitive data leakage.

The three IoT vendors – Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell – all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

OPC functions as the middleman of operational technology (OT) networks, ensuring operability between industrial control systems (ICS) and proprietary devices, such as programmable logic controllers (PLCs) responsible for the correct operation of field devices. Standardized communication protocols such as OPC and its specifications guarantee that management and oversight of devices and processes can happen from a centralized server.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.