Integration Objects OPC UA Server Toolkit (Update A)
Monitor · 5.3 · ICS-CERT ICSA-24-016-02 · Jan 16, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A log injection vulnerability in the OPC UA Server Toolkit allows a remote attacker to write arbitrary content to the server's log file without authentication. Successful exploitation could obscure evidence of attacks or tamper with audit records. Versions 1.0.0 and earlier are affected.
What this means
What could happen
An attacker could inject misleading or malicious content into the OPC UA Server's log file, compromising audit trails and making it difficult to detect or investigate other incidents.
Who's at risk
Organizations running the Integration Objects OPC UA Server Toolkit should be concerned. This affects any facility using OPC UA for communication between PLCs, SCADA systems, historians, or engineering workstations—common in water utilities, electrical distribution, manufacturing, and building automation facilities.
How it could be exploited
An attacker with network access to the OPC UA Server could send a specially crafted request that exploits a log injection flaw in the server component, writing arbitrary content to log files without authentication.
Prerequisites
- Network access to the OPC UA Server (port 4840 or configured OPC UA port)
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, impacts audit trail integrity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| OPC UA Server Toolkit: <=1.0.0 | ≤ 1.0.0 | 1.0.0 fix 20240123 |
Remediation & Mitigation
Do now
- HARDENING: Monitor log files for suspicious or unexpected entries that may indicate exploitation attempts
- HARDENING: Restrict network access to the OPC UA Server to only authorized engineering and operational networks using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update OPC UA Server Toolkit to version 1.0.0 fix 20240123 or later
- HOTFIX: Contact Integration Objects sales team to verify support contract status and request the full version security fix (demo version fix is available publicly; full version requires valid support contract)
CVEs (1)