OTPulse

Softing Industrial Automation OPC

Act Now | CVSS 9.8 | ICS-CERT ICSA-20-210-02 | Jul 28, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A buffer overflow vulnerability in Softing OPC versions before 4.47.0 could allow a remote attacker to crash the OPC server or execute arbitrary code. The vulnerability has a CVSS score of 9.8, requires no authentication, and can be exploited from the network. This affects the OPC interface used for communication between industrial control systems, SCADA platforms, and engineering applications in manufacturing environments.

What this means
What could happen
A remote attacker could crash the OPC server or execute arbitrary code on it, potentially disrupting data access and control communications between manufacturing systems and industrial applications that rely on the OPC interface.
Who's at risk
Manufacturing facilities using Softing OPC software for communication between SCADA systems, HMIs, and industrial control devices should prioritize this. Any plant that relies on OPC as the data backbone for process monitoring or integration with engineering tools is at risk.
How it could be exploited
An attacker with network access to the OPC server (typically port 135 or 445 for COM-based access, or port 4840 for OPC UA) sends a crafted message that triggers a buffer overflow. This allows the attacker to inject and run code on the OPC server with the same privileges as the application.
Prerequisites
  • Network access to the OPC server on relevant COM/DCOM ports (135, 445) or OPC UA port (4840)
  • No authentication required for exploitation
  • OPC version earlier than 4.47.0
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High CVSS score (9.8)
  • Buffer overflow can lead to remote code execution
  • Affects data integration and control communications
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (1)
Product | Affected Versions | Fix Status
OPC: All | < 4.47.0 | 4.47.0
Remediation & Mitigation
Do now
  • HARDENING: Isolate OPC servers from the Internet and restrict network access to only authorized engineering workstations and control systems using firewall rules
  • HARDENING: Place OPC servers behind firewalls and separate them from business networks
  • WORKAROUND: If remote access to OPC servers is required, use VPN with current security patches
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Softing OPC to version 4.47.0 or later
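
One way to track the remediation items above is an audit that flags OPC hosts still below 4.47.0 and firewall allow rules that open the listed ports (135, 445, 4840) to sources outside the authorized engineering subnet. This is an added example, not code from the advisory or from Softing; the inventory and rule formats, addresses, rule names and the allowlisted subnet are constructed assumptions.

```python
import ipaddress

FIXED = (4, 47, 0)               # first fixed Softing OPC release, per the advisory
OPC_PORTS = {135, 445, 4840}     # COM/DCOM and OPC UA ports listed in the advisory

def parse_version(text):
    """Turn '4.46.1' into (4, 46, 1), padded to three fields so '4.47' compares as 4.47.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def exposed_rules(host_ip, rules, allowed_sources):
    """Return allow rules that let a non-allowlisted source reach host_ip on an OPC port."""
    host = ipaddress.ip_address(host_ip)
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    hits = []
    for rule in rules:
        if rule["action"] != "allow" or rule["port"] not in OPC_PORTS:
            continue
        if host not in ipaddress.ip_network(rule["dst"]):
            continue
        src = ipaddress.ip_network(rule["src"])
        # The source range must sit entirely inside one allowlisted network.
        if not any(src.subnet_of(net) for net in allowed):
            hits.append(rule["name"])
    return hits

def audit(inventory, rules, allowed_sources):
    """Map each host to (needs_patch, names of over-broad rules)."""
    report = {}
    for host in inventory:
        needs_patch = parse_version(host["opc_version"]) < FIXED
        report[host["ip"]] = (needs_patch, exposed_rules(host["ip"], rules, allowed_sources))
    return report

# Constructed sample data (hypothetical hosts and rules, not from the advisory).
INVENTORY = [{"ip": "10.20.0.5", "opc_version": "4.46.2"},
             {"ip": "10.20.0.6", "opc_version": "4.47.0"}]
RULES = [{"name": "eng-to-opc", "action": "allow", "src": "10.30.0.0/28", "dst": "10.20.0.0/24", "port": 135},
         {"name": "office-to-opc", "action": "allow", "src": "10.0.0.0/8", "dst": "10.20.0.5/32", "port": 4840},
         {"name": "any-https", "action": "allow", "src": "0.0.0.0/0", "dst": "10.20.0.0/24", "port": 443}]
ALLOWED = ["10.30.0.0/24"]       # engineering workstation subnet (assumed)

if __name__ == "__main__":
    for ip, (needs_patch, names) in audit(INVENTORY, RULES, ALLOWED).items():
        print(ip, "patch needed" if needs_patch else "version ok", "exposed via:", names or "none")
```

A host that is both unpatched and reachable through an over-broad rule is the one to isolate first, ahead of the maintenance window for the update.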