Claroty discloses vulnerabilities in two popular OPC UA clients

The Claroty Team82 research team has announced that it has recently uncovered a number of vulnerabilities in popular OPC UA clients: Inductive Automation Ignition and Softing edgeAggregator.

The team was able to chain different vulnerabilities in order to successfully exploit each client and gain full control over them, including dangerous remote code execution capabilities. These OPC UA clients are critical to industrial automation processes across many industries: engineers use them to build and deploy automation systems, and collect and visualise data, and each client supports numerous OT protocols.

All users of Softing and Inductive Automation software are advised to immediately patch and update their installation.

The team says they combined classic OPC UA and OT knowledge with run-of-the-mill web vulnerabilities — combining old and new attack vectors — to uncover zero day vulnerabilities in both clients. During the research, the team managed to find similar vulnerable code patterns in both applications, exploiting the OPC UA client’s trust in the data it receives from the OPC UA server.

In the end, Team82 exploited Inductive Automation Ignition and Softing edgeAggregator in a similar manner: in both cases exploiting a cross-site scripting (XSS) vulnerability stemming from improper sanitisation of data coming from the OPC UA protocol. Then the XSS vulnerability was utilised to perform actions on behalf of the user, leveraging this primitive into code execution.

The exploit chains garnered the team full control over each client, including dangerous remote code execution capabilities.

All users of Softing and Inductive Automation software are advised to immediately patch and update their installation. Both vendors addressed the vulnerabilities disclosed by Team82.

More detailed information about the exploits can be found here.

Image credit: iStock.com/Suppachok Nuthep