Multiple issues in the SCADA OPC-UA TCP protocol could allow an unauthenticated, remote attacker to spoof network communications or exploit input validation flaws on vulnerable systems using the affected protocol.
The issues in the affected protocol are due to insecure transmission and insufficient sanitization of the following:
- Error Message - Request Interrupted
- Error Message - Request Timeout
- Error Message - Secure Channel Token Unknown
- Error Message - Security Checks Failed
- Error Message - TCP Message Type Invalid
- Error Message - TCP Message Too Large
- Error Message - TCP Not Enough Resources
- Error Message - TCP Secure Channel Unknown
- Error Message - TCP Server Too Busy
- Error Message - TCP Timeout
- Error Message - TCP Internal Error
- Malformed Acknowledge Message - Invalid Send Buffer Size
- Malformed Hello Message - Invalid Send Buffer Size
- Malformed Hello Message - Invalid EndPoint URL
- Malformed Hello Message - Invalid Receive Buffer Size
- Malformed SecureChannel Open - Invalid Receiver Certificate Length
- SecureChannel Open - Invalid Supplied SecurityPolicyUri Length
- SecureChannel Open - Missing Sender Certificate
- SecureChannel Open - Missing Receiver Certificate
- SecureChannel Open - Security Policy - None
An attacker could exploit these issues by sending malicious network requests to the affected software. An exploit could allow the attacker to spoof the source or type of communications or exploit other issues as a result of processing messages on the targeted system.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit these issues.
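The following is an added example, not part of the original advisory or any vendor's code: a passive check of the kind an IDS rule or protocol gateway could apply to the malformed Hello conditions listed above. The field layout follows the OPC UA connection protocol (OPC UA Part 6); the limits `MIN_BUFFER` and `MAX_URL_BYTES`, the function names, and the sample host name are assumptions made for this illustration.

```python
import struct

MIN_BUFFER = 8192      # assumed lower bound for send/receive buffer sizes
MAX_URL_BYTES = 4096   # assumed upper bound for the encoded EndpointUrl

def check_hello(msg: bytes) -> list:
    """Return findings for one OPC UA TCP Hello message (empty list = clean)."""
    if len(msg) < 8 or msg[:3] != b"HEL":
        return ["not a Hello message"]
    findings = []
    (size,) = struct.unpack_from("<I", msg, 4)   # MessageSize, little-endian
    if size != len(msg):
        findings.append("MessageSize does not match bytes received")
    if len(msg) < 32:                            # 8-byte header + 24 fixed bytes
        return findings + ["Hello body truncated"]
    # ProtocolVersion, ReceiveBufferSize, SendBufferSize, MaxMessageSize,
    # MaxChunkCount (UInt32 each), then the EndpointUrl length (Int32).
    _ver, recv_buf, send_buf, _max_msg, _max_chunks, url_len = \
        struct.unpack_from("<5Ii", msg, 8)
    if recv_buf < MIN_BUFFER:
        findings.append("Invalid Receive Buffer Size")
    if send_buf < MIN_BUFFER:
        findings.append("Invalid Send Buffer Size")
    url = msg[32:]
    # Length must be non-negative, within the limit, and match the bytes present.
    if url_len < 0 or url_len > MAX_URL_BYTES or url_len != len(url):
        findings.append("Invalid EndPoint URL")
    elif not url.startswith(b"opc.tcp://"):
        findings.append("Invalid EndPoint URL")
    return findings

def build_hello(recv_buf: int, send_buf: int, url: bytes) -> bytes:
    """Build a constructed sample Hello message for exercising check_hello()."""
    body = struct.pack("<5Ii", 0, recv_buf, send_buf, 0, 0, len(url)) + url
    return b"HELF" + struct.pack("<I", 8 + len(body)) + body

if __name__ == "__main__":
    samples = {  # constructed inputs, not captured traffic
        "well-formed": build_hello(65536, 65536, b"opc.tcp://plc.example:4840"),
        "zero send buffer": build_hello(65536, 0, b"opc.tcp://plc.example:4840"),
        "oversized URL": build_hello(65536, 65536, b"x" * 5000),
    }
    for name, raw in samples.items():
        print(name, "->", check_hello(raw) or "ok")
```
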
The vendor has not confirmed these issues. Software updates are not available.