A Broken Chain - Discovering OPC UA Attack Surface and Exploiting the Supply Chain

Explore the potential security vulnerabilities of OPC Unified Architecture (OPC-UA) in this 29-minute Black Hat conference talk. Delve into the emerging importance of OPC-UA in industrial communication and Industry 4.0 transformation, examining its platform-independent nature and growing adoption. Investigate the protocol's attack surface and potential for exploitation in the supply chain. Learn about automation protocols, OPC Classic, and OPC UA specifications. Analyze previous research and independent findings on risks associated with OPC-UA. Examine specific vulnerabilities in DotnetReadVariant, Extension Objects, and XML processing. Understand attack scenarios involving TNT5 Stack, C Structures, and PubSub. Review OPC Foundation code, OPC UA SDK, and Unified Automation SDK. Gain insights into the security implications of this widely trusted industrial communication protocol and its potential impact on cybersecurity in industrial environments.