No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol
Black Hat USA 2025 · Day 1 · Briefings
Tom Tervoort of Bureau Veritas Cybersecurity found two cryptographic vulnerabilities in the OPC UA industrial protocol that allow an attacker to bypass device authentication without knowing any private key. Five of seven tested implementations were vulnerable in their default configurations, including products from Siemens (WinCC) and Codesys, prompting patches with high CVSS scores.

---
AI review
Tervoort found two cryptographic breaks in OPC UA — a relay attack bypassing session authentication and a Bleichenbacher timing oracle completing in 15 minutes — against a protocol running Siemens WinCC and Codesys PLCs. Five of seven implementations were vulnerable in their default configuration. This is old cryptography applied in a new environment, and the timing amplification trick is genuinely elegant.