all InfoSec news
SSA-508677 V1.0: Use of Obsolete Function Vulnerability in SIMATIC WinCC before V8
Siemens ProductCERT Security Advisories cert-portal.siemens.com
Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
Starting with WinCC V8.0 the legacy OPC services are no longer enabled by default in new installations. Siemens recommends to use OPC UA instead and to disable the …
access activex alarms amp art authentication data data access default events function legacy opc security services simatic ssa state vulnerability windows