No VPN Needed? Cryptographic Attacks Against the OPC UA Protocol

Tom Tervoort

DEF CON 33 · Day 3 · Main Stage

OPC UA (Unified Architecture) is the dominant open-standard protocol for industrial automation, connecting PLCs, SCADA systems, and remote monitoring endpoints in facilities ranging from gas pipelines

AI review

Tom Tervoort presents two practically exploitable cryptographic vulnerabilities in OPC UA, the dominant industrial automation protocol deployed in critical infrastructure worldwide. Attack 1 is a signing-oracle relay/reflection attack that bypasses session authentication through a protocol-level design flaw; it is especially serious in OPC UA over HTTPS deployments. Attack 2 is Bleichenbacher's 1998 padding oracle attack applied to the Basic128Rsa15 security policy, made feasible over a network by a block-repetition technique that amplifies the timing side channel. Three CVEs were assigned. A working PoC tool was released…
