Researchers from Claroty this week disclosed multiple critical vulnerabilities in vendor implementations of the Open Platform Communications (OPC) network protocol that is widely used in operational technology (OT) networks.
The flaws affect products from three vendors whose technologies are also being used as third-party components in multiple other white-label products running the OPC protocol. Claroty privately reported its vulnerability discoveries to the three vendors in 2020. The products have since been patched, prompting Claroty to publicly disclose the issue for the first time this week.
In a blog post, the vendor described the security issues as exposing organizations using the vulnerable products to distributed denial-of-service attacks, remote code execution, and leaks and theft of sensitive data.
“Many commercial [industrial control system] products use the OPC protocol for the secure…