Vulnerability in OPC-UA authentication

Fixed as of:
- V01.08.01

Behaviour of the new version:
When authenticating to the OPC UA Server with user name and password, all steps of the authentication are performed. If user management is activated, access to the OPC UA Server is granted only after successful authentication.

Description of behaviour:
When authenticating to the OPC UA Server with user name and password, important steps of the authentication are skipped. As a result, there are cases in which a user can establish communication with the server without having authenticated correctly.
This insufficient authentication can lead to unauthorised use of the OPC-UA interface, in particular unauthorised access to the published IEC variables.

Under what conditions does the behaviour occur?
- User management on the control unit has been activated (is deactivated by default)
- The OPC-UA Server is active.
- IEC variables are published via the symbol configuration for specific user groups (is not available by default)
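An added verification check, not part of the Lenze advisory, that an operator can run against their own controller after updating: it opens an OPC UA session anonymously, with a wrong password, and with the correct password, and reports whether the server grants only the last. It assumes the open-source asyncua client library; the endpoint address, the "opcuser" account and its password are placeholders to be replaced.

```python
import asyncio
from typing import Dict, Optional

ENDPOINT = "opc.tcp://<controller-ip>:4840"   # placeholder: the controller's OPC UA endpoint
# (label, user, password): only the last probe should obtain a session.
PROBES = [
    ("anonymous", None, None),
    ("wrong-password", "opcuser", "not-the-password"),       # hypothetical account
    ("correct-password", "opcuser", "<the-real-password>"),  # placeholder secret
]
EXPECTED = {"anonymous": False, "wrong-password": False, "correct-password": True}

async def probe_session(endpoint: str, user: Optional[str], password: Optional[str]) -> Optional[bool]:
    """True = session established, False = refused by the server, None = endpoint unreachable."""
    from asyncua import Client, ua   # imported lazily: only needed for a live probe
    client = Client(url=endpoint, timeout=5)
    if user is not None:             # without a user the client sends an anonymous identity token
        client.set_user(user)
        client.set_password(password)
    try:
        async with client:           # connect, create and activate the session
            await client.nodes.root.read_browse_name()   # a read proves the session is usable
        return True
    except ua.UaStatusCodeError:     # e.g. BadUserAccessDenied, BadIdentityTokenRejected
        return False
    except (OSError, asyncio.TimeoutError):
        return None

def evaluate(results: Dict[str, Optional[bool]]) -> Dict[str, str]:
    """Compare observed outcomes with EXPECTED; a session granted where none was expected is the bypass pattern."""
    verdicts = {}
    for label, expected in EXPECTED.items():
        observed = results.get(label)
        if observed is None:
            verdicts[label] = "NOT RUN"
        elif observed == expected:
            verdicts[label] = "OK"
        elif observed:
            verdicts[label] = "FAIL: session granted without valid credentials"
        else:
            verdicts[label] = "FAIL: valid credentials rejected (check the account)"
    return verdicts

async def main() -> None:
    results = {label: await probe_session(ENDPOINT, u, p) for label, u, p in PROBES}
    print("\n".join(f"{label:18} {verdict}" for label, verdict in evaluate(results).items()))

if __name__ == "__main__":
    asyncio.run(main())
```

Run it only with user management activated on the controller, since with user management deactivated every probe is expected to succeed.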

Affected products:
c520 from V01.07
c550 from V01.07
c750 from V01.07

Short-term measures:
none

Rating/Recommendations:
As part of a security strategy, Lenze SE recommends the following general defensive measures to reduce the risk of exploits:
- Only use the products in a protected and controlled environment to minimise the impact on the network and to ensure that they are not accessible from the outside.
- Use external firewalls to protect the automation system network and separate it from other networks. Note: One measure should be to block port 4840 via the external firewall and open this port only for authenticated access.
- Use Virtual Private Networks (VPN) tunnels when remote access is required.
- Use IDS (Intrusion Detection Systems) wherever possible to detect anomalies in the network.
- Activate and use the user administration and password functions.
- Use encrypted communication links.
- Restrict access to both the development tools and their projects and to the automation system products by physical means, operating system functions, etc.
- Protect the development tool by using up-to-date virus detection solutions.
- Use certificate-based communication via the message security modes Sign or Sign&Encrypt, and have the OPC-UA Server on the machine control trust only the corresponding client certificates.
This can reduce the risk of exploitation of this vulnerability.

All Lenze security advisories can be viewed at CERT@VDE under the following link.
https://cert.vde.com/de/advisories/vendor/LENZE/

URL for linking this AKB article: https://www.lenze.com/en-de/go/akb/202200243/1/