Abstract
In recent years, OPC UA has risen in popularity as an abstraction technology for legacy protocols used in OT (Operational Technology) and SCADA systems, which often lack the security features required for secure remote communication with devices and sensors. However, deploying secure OPC UA servers is not trivial, and many servers end up facing the Internet in a vulnerable state. To better understand their security challenges, we conduct an Internet-wide scan of OPC UA servers and evaluate the security properties they implement. Our analysis reveals that 62% of the 1,812 OPC UA servers facing the Internet on port 4840 suffer from various vulnerabilities associated with misconfigurations and abandonment, such as outdated software, broken access control, and certificate management issues. In addition, a comparison of our findings with previous work suggests that 25% of these servers have received either no updates or only minor ones in the past years. This paper offers an overview of common and recurrent security challenges in OPC UA deployments, emphasizing the need for robust security measures to protect these and new servers from the same vulnerabilities.
Original language | English |
---|---|
Title of host publication | Proceedings at the 10th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2025) : Co-located with the 10th IEEE European Symposium on Security and Privacy (Euro S&P) |
Number of pages | 8 |
Publisher | IEEE |
Publication status | Accepted/In press - 2025 |
Event | 10th International Workshop on Traffic Measurements for Cybersecurity - Venice, Italy. Duration: 30 Jun 2025 → 30 Jun 2025 |
Workshop
Workshop | 10th International Workshop on Traffic Measurements for Cybersecurity |
---|---|
Country/Territory | Italy |
City | Venice |
Period | 30/06/2025 → 30/06/2025 |
Keywords
- OPC UA
- Internet-wide scans
- OT
- ICS