Encryption vulnerabilities in OPC UA protocol affect industrial control systems
Summary
Multiple vulnerabilities in the OPC UA (Open Platform Communications Unified Architecture) protocol have been disclosed. OPC UA is widely used in industrial settings to carry data between operational technology (OT) networks and IT/cloud environments, and it ships with its own cryptographic authentication and transport-security layer rather than relying on TLS. The vulnerabilities stem from flaws in that cryptographic design and allow attackers to bypass authentication and potentially compromise industrial control systems. The issues were discovered by Tom Tervoort, a principal security specialist at Secura, who presented them at DEF CON 33 and showed how the protocol's cryptography can be exploited. The vulnerabilities affect multiple vendors and have been assigned CVEs: CVE-2024-42512, CVE-2024-42513, and CVE-2025-1468. The OPC Foundation, which administers the protocol, assisted in disclosing the issues to affected vendors and coordinating fixes. Organizations using OPC UA are advised to apply the relevant vendor patches and to consider additional security measures, such as IP allowlisting of the clients permitted to reach OPC UA servers.
Timeline
- 11.08.2025 19:08 · 1 article · 1mo ago
Multiple vulnerabilities in OPC UA protocol disclosed at DEF CON 33
Tom Tervoort, a principal security specialist at Secura, presented findings on vulnerabilities in the OPC UA protocol at DEF CON 33. The vulnerabilities stem from flaws in the protocol's cryptographic design and allow attackers to bypass authentication. Tervoort demonstrated proof-of-concept attacks and disclosed the issues to affected vendors, who have since implemented fixes. The vulnerabilities affect multiple vendors and have been assigned CVEs: CVE-2024-42512, CVE-2024-42513, and CVE-2025-1468. Organizations using OPC UA are advised to apply relevant patches and consider additional security measures.
- Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
Information Snippets
- OPC UA is an open, vendor-neutral communication standard (published as IEC 62541, with open-source reference implementations from the OPC Foundation) used in industrial settings.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- OPC UA includes its own cryptographic authentication and transport security layer: its binary transport does not use TLS but a protocol-specific SecureChannel with OPC UA security policies (certificate-based authentication, message signing and encryption), on top of which sessions and user authentication are built.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- The protocol is interoperable between different vendors and is used in OT and IT/cloud environments.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- Tervoort discovered vulnerabilities in OPC UA's cryptographic design that attackers can exploit.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- The vulnerabilities can enable attackers to bypass authentication and compromise industrial control systems.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- Tervoort presented his findings at DEF CON 33, detailing the protocol's cryptographic flaws.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- The issues affect multiple vendors and have been assigned CVEs: CVE-2024-42512, CVE-2024-42513, and CVE-2025-1468.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- The OPC Foundation assisted in disclosing the issues to affected vendors and coordinating fixes.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
- Organizations using OPC UA are advised to apply the relevant vendor patches and to consider additional security measures, such as IP allowlisting that limits which clients can reach OPC UA endpoints at all.
  First reported: 11.08.2025 19:08 · 1 source, 1 article
  - Utilities, Factories at Risk From Encryption Holes in Industrial Protocol · www.darkreading.com · 11.08.2025 19:08
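The snippets above note that OPC UA carries its own security layer and that operators should harden deployments beyond patching. The following is an added example, not code from the original page and not Tervoort's proof of concept: it reviews the EndpointDescription list that an OPC UA server returns from GetEndpoints and flags endpoints that offer no channel security, sign-only mode, a deprecated security policy, anonymous logins, or a UserName token policy that would transmit the password in cleartext. The endpoint dictionaries, hostnames and policy IDs are constructed for the example; the policy URIs and enumeration values are those of the OPC UA specification (Part 4).

```python
"""Offline review of OPC UA endpoint descriptions (added example, constructed data)."""
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"

# MessageSecurityMode values from OPC UA Part 4: None=1, Sign=2, SignAndEncrypt=3.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3

# UserTokenType values from OPC UA Part 4: Anonymous=0, UserName=1, Certificate=2, IssuedToken=3.
TOKEN_ANONYMOUS, TOKEN_USERNAME, TOKEN_CERTIFICATE = 0, 1, 2

# Policies the OPC Foundation has deprecated (SHA-1 and/or RSA PKCS#1 v1.5 padding).
DEPRECATED_POLICIES = {POLICY_BASE + "Basic128Rsa15", POLICY_BASE + "Basic256"}


@dataclass(frozen=True)
class Finding:
    endpoint_url: str
    severity: str  # "high" or "medium"
    reason: str


def policy_name(uri: str) -> str:
    """Strip the common URI prefix so findings read 'Basic256' rather than the full URI."""
    return uri.rsplit("#", 1)[-1] if uri else "(empty)"


def audit_endpoint(ep: dict) -> list[Finding]:
    """Return findings for one endpoint (a dict mirroring EndpointDescription fields)."""
    url = ep["endpointUrl"]
    channel_policy = ep["securityPolicyUri"]
    mode = ep["securityMode"]
    findings: list[Finding] = []

    if channel_policy == POLICY_BASE + "None" or mode == MODE_NONE:
        findings.append(Finding(url, "high",
            "no SecureChannel security: traffic is cleartext and unauthenticated at the channel level"))
    elif mode == MODE_SIGN:
        findings.append(Finding(url, "medium",
            "Sign-only mode: messages are integrity-protected but not encrypted"))

    if channel_policy in DEPRECATED_POLICIES:
        findings.append(Finding(url, "medium",
            f"deprecated security policy {policy_name(channel_policy)}"))

    for token in ep.get("userIdentityTokens", []):
        if token["tokenType"] == TOKEN_ANONYMOUS:
            findings.append(Finding(url, "medium",
                f"anonymous user token policy '{token['policyId']}' is accepted"))
        elif token["tokenType"] == TOKEN_USERNAME:
            # Part 4: the password is encrypted with the token policy's own
            # securityPolicyUri; when that is empty the SecureChannel policy applies.
            token_policy = token.get("securityPolicyUri") or channel_policy
            if token_policy == POLICY_BASE + "None":
                findings.append(Finding(url, "high",
                    f"UserName token policy '{token['policyId']}' would send the password in cleartext"))
    return findings


def audit(endpoints: list[dict]) -> list[Finding]:
    """Audit every endpoint a server advertises and concatenate the findings."""
    return [f for ep in endpoints for f in audit_endpoint(ep)]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: one hypothetical server advertising four endpoints, in the
# shape a client library yields after decoding a GetEndpoints response.
SAMPLE_ENDPOINTS = [
    {"endpointUrl": "opc.tcp://plc-01.example:4840", "securityPolicyUri": POLICY_BASE + "None",
     "securityMode": MODE_NONE,
     "userIdentityTokens": [
         {"policyId": "anon", "tokenType": TOKEN_ANONYMOUS},
         {"policyId": "user", "tokenType": TOKEN_USERNAME, "securityPolicyUri": POLICY_BASE + "None"}]},
    {"endpointUrl": "opc.tcp://plc-01.example:4840", "securityPolicyUri": POLICY_BASE + "Basic256",
     "securityMode": MODE_SIGN_AND_ENCRYPT,
     "userIdentityTokens": [{"policyId": "user", "tokenType": TOKEN_USERNAME, "securityPolicyUri": ""}]},
    {"endpointUrl": "opc.tcp://plc-01.example:4840", "securityPolicyUri": POLICY_BASE + "Basic256Sha256",
     "securityMode": MODE_SIGN,
     "userIdentityTokens": [{"policyId": "cert", "tokenType": TOKEN_CERTIFICATE}]},
    {"endpointUrl": "opc.tcp://plc-01.example:4840", "securityPolicyUri": POLICY_BASE + "Aes256_Sha256_RsaPss",
     "securityMode": MODE_SIGN_AND_ENCRYPT,
     "userIdentityTokens": [{"policyId": "cert", "tokenType": TOKEN_CERTIFICATE}]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ENDPOINTS):
        print(f"[{f.severity}] {f.endpoint_url}: {f.reason}")
    print(severity_counts(audit(SAMPLE_ENDPOINTS)))
```

On the sample data the audit reports two high and three medium findings; only the Aes256_Sha256_RsaPss endpoint with certificate-based user authentication passes. Note the second endpoint: its UserName token policy has an empty securityPolicyUri, so the password is protected by the channel's Basic256 policy, which is deprecated but not cleartext. This kind of configuration review is a complement to patching, not a substitute: the CVEs discussed on this page concern the cryptographic design itself, so an endpoint that looks clean here still needs the vendor's fix.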
Similar Happenings
Microsoft September 2025 Patch Tuesday fixes 81 vulnerabilities, including two zero-days
Microsoft released updates for 81 vulnerabilities on September 2025 Patch Tuesday, including two publicly disclosed zero-days, one of them in Windows SMB Server. The updates address eight critical flaws: five remote code execution vulnerabilities, one information disclosure, and two elevation of privilege vulnerabilities. By category the fixes break down as 38 elevation of privilege (the largest group), 22 remote code execution, 14 information disclosure, 3 denial of service, 2 security feature bypass, and 1 spoofing. The updates also add hardening features for SMB Server to mitigate relay attacks, and Microsoft recommends that administrators enable the accompanying auditing. CVE-2025-54918 is an EoP vulnerability in Windows NT LAN Manager (NTLM) rated critical. CVE-2025-54111 and CVE-2025-54913 are EoP flaws in Windows UI XAML that allow privilege escalation via phished credentials or malicious Microsoft Store apps. CVE-2025-55232 is an RCE vulnerability in the Microsoft High Performance Compute (HPC) Pack with a CVSS score of 9.8. CVE-2025-54916 is an RCE vulnerability in Windows NTFS that can be triggered by authenticated users. Microsoft's release notes also include recommendations for preparing for the end of life of Windows 10 and for the mandatory multifactor authentication (MFA) enforcement for Azure in October 2025.
Critical SAP NetWeaver vulnerabilities patched, including remote code execution flaw
SAP has fixed 21 vulnerabilities, including three critical flaws in its NetWeaver software. The most severe, CVE-2025-42944, is an insecure deserialization flaw allowing unauthenticated remote code execution. The second critical flaw, CVE-2025-42922, enables arbitrary file uploads by authenticated users. The third, CVE-2025-42958, allows unauthorized access to sensitive data and administrative functions. The vulnerabilities affect various SAP products, including ERP, CRM, SRM, and SCM, which are widely used in large enterprise networks. The flaws could lead to full system compromise and unauthorized data manipulation. SAP products are frequently targeted by threat actors due to their handling of mission-critical data. A high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916) could allow an attacker with high privilege access to delete the content of arbitrary database tables. A critical security defect in SAP S/4HANA (CVE-2025-42957) has come under active exploitation in the wild.
Critical SAP S/4HANA Command Injection Vulnerability Exploited
A critical command injection vulnerability in SAP S/4HANA (CVE-2025-42957) is being actively exploited in the wild. The flaw, with a CVSS score of 9.9, allows attackers with low-privileged user access to execute arbitrary ABAP code, bypass authorization checks, and fully compromise the SAP environment. This can lead to data theft, fraud, or ransomware installation. The vulnerability affects both the on-premises and Private Cloud editions of SAP S/4HANA, as well as several other SAP products and versions. SecurityBridge Threat Research Labs discovered the vulnerability and reported it to SAP on June 27, 2025. The vendor fixed the vulnerability on August 11, 2025, but many systems have not applied the available security updates and are now being targeted. Exploitation activity surged after the patch was released. Organizations are advised to apply the patches immediately, monitor logs for suspicious activity, and implement additional security measures.
WhatsApp Zero-Day Exploited in Targeted Attacks
WhatsApp patched a zero-day vulnerability (CVE-2025-55177) in its messaging apps for Apple iOS and macOS. The flaw allowed unauthorized users to trigger processing of content from arbitrary URLs on targeted devices; it relates to insufficient authorization of linked-device synchronization messages. The issue was chained with a recently disclosed Apple flaw (CVE-2025-43300) in targeted zero-day attacks against specific users. WhatsApp notified fewer than 200 users who may have been targeted as part of the spyware campaign. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and is advising federal agencies to apply mitigations by September 23, 2025.
Active Exploitation of FreePBX Zero-Day Vulnerability CVE-2025-57819
A zero-day vulnerability in FreePBX, identified as CVE-2025-57819, is being actively exploited. The flaw allows unauthenticated access to the FreePBX Administrator, leading to arbitrary database manipulation and remote code execution. The vulnerability affects specific versions of FreePBX, and exploitation began on or before August 21, 2025. Sangoma has released emergency patches for the vulnerability. Users are advised to update to the latest versions, restrict public access to the administrator control panel, and follow additional security recommendations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-57819 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply patches by September 19, 2025.