On April 13, 2022, Cybersecurity and Infrastructure Security Agency (CISA) published National Cyber Awareness System (NCAS) Alert AA22-103A.
As mentioned in the OPC UA Foundation’s response to AA22-103A, there is no known vulnerability in OPC UA Servers connected to this alert. This alert does not directly refer to Inductive Automation’s OPC UA Server, and there are no direct concerns raised about Inductive Automation’s OPC UA Server.
Ignition 8.1’s OPC UA server ships with both authentication and client certificate approval required by default, so external systems can't connect unless both a proper username/password combination are used, and the client certificate is explicitly approved by an Ignition administrator with proper authentication and authorization.
No action is required by Ignition 8.1 and 8.0 users with reference to AA22-103A.
Users of Ignition 7.9 and prior may have systems with default OPC UA credentials. For these systems, Inductive Automation recommends updating credentials following their company’s best practices for password complexity. All communication to OPC UA servers is encrypted when using Ignition’s default settings, and it is recommended to keep encryption enabled.
Although not directly related to AA22-103A, Ignition 7.9 users are recommended to follow the advice above for general OPC UA Server security.
As always, following security best practices are recommended. Refer to the Ignition Security Hardening Guide for general guidance on securing Ignition Gateways. Network segmentation is recommended through an approach known as “whitelisting” by blocking all traffic to an Ignition Gateway, such as with a network firewall, then allowing only needed traffic (by port, source, and destination). It is also recommended to keep Ignition up to date in order to have the greatest protection from known vulnerabilities.
Article is closed for comments.