Automation.com, a leading online publisher of automation-related content, recently ran a commentary on a new report from Kaspersky Lab about OPC UA. The Kaspersky report identified 17 critical security flaws in OPC UA software. Although the Kaspersky methodology may be sound, the commentary on Automation.com suggested caution in drawing conclusions.
It turns out that the flaws noted by Kaspersky exist simply because an OPC UA server must listen for connections on a network, just like any other server on a TCP/IP network. The real problem is deeper, according to the commentary. Put simply, the standard approach to industrial data communications is not suitable for untrusted networks like the Internet. A better solution is not to allow any inbound connections at all.