A Broken Chain - Discovering OPC UA Attack Surface and Exploiting the Supply Chain

Explore the potential security vulnerabilities of OPC Unified Architecture (OPC-UA) in this 29-minute Black Hat conference talk. Delve into the emerging importance of OPC-UA in industrial communication and Industry 4.0 transformation, examining its platform-independent nature and growing adoption. Investigate the protocol's attack surface and potential for exploitation in the supply chain. Learn about automation protocols, OPC Classic, and OPC UA specifications. Analyze previous research and independent findings on risks associated with OPC-UA. Examine specific vulnerabilities in DotnetReadVariant, Extension Objects, and XML processing. Understand attack scenarios involving TNT5 Stack, C Structures, and PubSub. Review OPC Foundation code, OPC UA SDK, and Unified Automation SDK. Gain insights into the security implications of this widely trusted industrial communication protocol and its potential impact on cybersecurity in industrial environments.

Introduction
Overview
Automation protocols
OPC Classic
OPC UA
Motivation
Previous Research
Independent Research
Specifications
Risks
Dotnet
ReadVariant
Extension Objects
Xml
Exploit
XML Processing
XML Document Loading
Attack Scenario
TNT5 Stack
C Structures
Extensions
Body
Object setters
Type ID
Object Setter
PubSub
Demo
OPC Foundation Code
OPC UA SDK
Unified Automation SDK
Our Father
Summary