OTPulse
FeedAboutContact

MatrikonOPC Explorer

Monitor6.7ICS-CERT ICSA-18-130-01May 10, 2018
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

MatrikonOPC Explorer versions 5.0 and earlier contain an improper file permissions vulnerability (CWE-552) that allows local attackers to transfer unauthorized files from the host system. An attacker with local access could read and exfiltrate sensitive files, resulting in unauthorized information disclosure. The vulnerability is not remotely exploitable and no known public exploits exist. MatrikonOPC has released a patch (version 5.1.0.0) to address this issue.

What this means
What could happen
An attacker with local access to a system running MatrikonOPC Explorer could read and transfer sensitive files from the host, potentially exposing configuration data, credentials, or other operational information stored on the engineering workstation.
Who's at risk
Organizations using MatrikonOPC Explorer for OPC server management and monitoring should prioritize this fix, particularly those running engineering workstations that handle sensitive process data or system credentials. This affects facility engineers and operators who interact with OPC infrastructure in water, electric, and manufacturing environments.
How it could be exploited
An attacker with local or physical access to a system running vulnerable Explorer software could exploit improper file permissions to read files outside the intended directory scope and copy them to an attacker-controlled location. This requires local shell or file system access to the workstation.
Prerequisites
  • Local access to the workstation (interactive login or physical access)
  • MatrikonOPC Explorer version 5.0 or earlier installed
  • User interaction may be required (based on CVSS vector UI:R)
requires local access (reduces remote risk but increases insider threat concern)low complexity exploitationno authentication required once local access is obtainedaffects data confidentiality
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Explorer Versions: 5.0 and prior≤ 5.0No fix yet
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGRestrict local access to OPC engineering workstations through physical security controls and access lists; limit who can log in locally
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate MatrikonOPC Explorer to version 5.1.0.0 or later
Long-term hardening
0/1
HARDENINGEnsure OPC workstations are not accessible from the business network or Internet; isolate them behind firewalls and network segmentation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/7afc8078-f88c-4916-b786-307468e396bd