OTPulse

Rockwell Automation AADvance Standalone OPC-DA Server

Act Now | CVSS 9.8 | ICS-CERT ICSA-24-226-02 | Aug 13, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

AADvance Standalone OPC-DA Server versions 2.01.510 and later contain multiple vulnerabilities (CWE-20 improper input validation, CWE-134 use of externally-controlled format string) that allow unauthenticated remote attackers to execute arbitrary code on the affected product. The product is a core data provider for industrial automation systems, exposing real-time process data and control access to PLCs and other field devices via the OPC-DA protocol.

What this means
What could happen
An attacker who reaches the OPC-DA Server over the network could run arbitrary commands on it, potentially allowing them to read or modify process data, disconnect critical controls, or escalate access to connected PLCs and automation devices.
Who's at risk
Manufacturing plants, utilities (electric, water, gas), and any organization running Rockwell Automation AADvance Standalone OPC-DA Server v2.01.510 or later should prioritize this fix. The OPC-DA Server is often a central hub connecting engineering workstations, SCADA systems, and field devices (PLCs, drives, sensors). Compromise of this server threatens the entire control architecture downstream.
How it could be exploited
An attacker sends a specially crafted network request to the OPC-DA Server port without authentication. The request exploits improper input validation (CWE-20) or format string handling (CWE-134) to achieve code execution. From the compromised server, the attacker can interact with connected industrial devices via the OPC-DA protocol.
Prerequisites
  • Network connectivity to the AADvance OPC-DA Server listen port
  • No authentication credentials required
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • High EPSS score (49%)
  • Affects data/control gateway (OPC-DA is central to many automation networks)
Exploitability
High exploit probability (EPSS 49.0%)
Affected products (1)
Product | Affected Versions | Fix Status
AADvance Standalone OPC-DA Server | ≥ v2.01.510 | 2.02
Remediation & Mitigation
Do now
  • HARDENING: Minimize network exposure: ensure the OPC-DA Server is not accessible from the internet or untrusted networks
  • HARDENING: Isolate the OPC-DA Server behind a firewall; restrict inbound access to only trusted engineering workstations and SCADA systems that require OPC-DA connectivity
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update AADvance Standalone OPC-DA Server to v2.02 or later
Long-term hardening
  • HARDENING: If remote access to the OPC-DA Server is required, implement a VPN with up-to-date security patches
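
One way to triage an asset inventory against the affected range (v2.01.510 and later) and the fixed version (v2.02) given above. This is an added example, not part of the original advisory or any Rockwell Automation tooling; the inventory, hostnames and function names are constructed for illustration, and version strings are assumed to be dot-separated numbers with an optional leading "v".

```python
import re

AFFECTED_FROM = "2.01.510"  # first affected version, from the advisory
FIXED_IN = "2.02"           # fixed version, from the advisory

def parse_version(text):
    """Turn 'v2.01.510' into (2, 1, 510); raise ValueError on anything else."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def _pad(a, b):
    """Zero-pad two version tuples to equal length, so (2, 2) == (2, 2, 0)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def is_affected(version):
    """True when AFFECTED_FROM <= version < FIXED_IN."""
    v = parse_version(version)
    lo, v_lo = _pad(parse_version(AFFECTED_FROM), v)
    hi, v_hi = _pad(parse_version(FIXED_IN), v)
    return lo <= v_lo and v_hi < hi

# Constructed sample inventory; hostnames are hypothetical.
INVENTORY = [
    ("opc-srv-01", "v2.01.510"),
    ("opc-srv-02", "2.01.600"),
    ("opc-srv-03", "2.02"),
    ("opc-srv-04", "2.01.400"),
    ("opc-srv-05", "unknown"),
]

def triage(inventory):
    """Bucket hosts: 'patch' (in range), 'not_affected', 'review' (bad data)."""
    result = {"patch": [], "not_affected": [], "review": []}
    for host, version in inventory:
        try:
            bucket = "patch" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "review"  # never treat an unreadable version as safe
        result[bucket].append(host)
    return result

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" bucket have a version string that could not be parsed and should be checked by hand rather than assumed patched.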