OPC UA encryption and handshake flaws (multiple vulnerabilities)
Vulnerability
Summary
New OPC UA vulnerability disclosures at DEF CON 33 expose industrial OT deployments to authentication-bypass and message-reuse attacks across seven products. The findings include CVE-2024-42512, CVE-2024-42513, and CVE-2025-1468. Vendors have begun applying fixes, including software updates, feature disables, and configuration advisories.
Timeline
- 11.08.2025 19:08 · 1 article · 9mo ago
OPC UA vulnerability disclosure
Initial Disclosure

Tom Tervoort of Secura disclosed OPC UA security research affecting industrial OT environments, including a proof-of-concept for message-context reuse, an HTTPS-based handshake bypass, and weak PKCS #1 handling that could let a threat actor make two servers log in to each other or misuse signed traffic. The findings affected seven different products, produced CVE-2024-42512, CVE-2024-42513, and CVE-2025-1468, and prompted vendor fixes ranging from software updates and feature disablement to configuration advisories and IP allowlisting guidance.
Sources
- Utilities, Factories at Risk From Encryption Holes in Industrial Protocol — www.darkreading.com — 11.08.2025 19:08