OPC Security White Paper #2 - OPC Exposed

Abstract: In this second White Paper of the OPC Security Series, we describe the vulnerabilities typically found in OPC hosts, based on OPC’s current architecture and the typical underlying operating system. We also investigate common misconfiguration vulnerabilities found in OPC server or client computers, at both the operating system and the OPC application level. Finally, using these vulnerabilities, we propose four possible risk scenarios for OPC-based attacks.

This sample of scenarios suggests several interesting conclusions. First, they highlight the fact that attacking OPC deployments does not require special skills or esoteric process controls knowledge. All the tools and information needed to carry out attacks can be downloaded from the Internet.

The second conclusion is that two core vulnerabilities, namely excessively open firewalls and overly permissive DCOM access rights, lie at the heart of many scenarios. If either vulnerability is addressed, then the chance of these scenarios occurring is significantly reduced. What is especially interesting is that these vulnerabilities could be considered within the control of the knowledgeable OPC end user. Finally, since the typical OPC host configuration is strongly influenced by the guidance provided by the software vendor, we discuss the quality of installation utilities and guidance provided to end users by the OPC vendor community. In general, we find that the guidance from vendors on OPC security could be significantly improved.

The good news is that there are well-proven operating system hardening practices in the IT security community which we believe can be adopted by the controls community to significantly reduce these risks. In addition, there are a number of DCOM-specific security settings that can also be applied by the knowledgeable end user. We will discuss these solutions in our final report in this series, OPC Security White Paper #3 – Hardening Guidelines for OPC Hosts, which is scheduled to be released June 12th.

OPC Exposed - White Paper (175kb)