The Cybersecurity and Infrastructure Agency (CISA) issued a security advisory on several vulnerabilities identified in Honeywell’s OPC UA Tunneller, which can be exploited remotely using low levels of skill. These loopholes allow heap-based buffer overflow, out-of-bounds read, improper check for unusual or exceptional conditions, and uncontrolled resource consumption.
Matrikon is a subsidiary of Honeywell and delivers the OPC UA Tunneller, which helps future-proof control infrastructure in anticipation of increased utilization of OPC UA. It delivers reliable OPC Classic/OPC UA interoperability and cross-network communications, and is best suited to get ideal OPC classic-to-classic connectivity and classic-to-UA bridging up-and-running quickly and efficiently. OPC Unified Architecture (OPC UA) is a machine-to-machine communication protocol for industrial automation developed by the OPC Foundation.
The vulnerabilities are present in Matrikon OPC UA Tunneller versions prior to 188.8.131.5233, CISA said in its advisory. Exploitation of these weaknesses could allow an attacker to disclose sensitive information, remotely execute arbitrary code, or crash the device, it added. Uri Katz of Claroty reported these vulnerabilities to CISA.
The OPC UA Tunneller is used across various sectors, and Honeywell recommends upgrading Matrikon OPC UA Tunneller to version 184.108.40.20633.
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code. It is also at risk to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash.
Some parsing functions in the affected product do not check the return value of the malloc function, and the thread handling the message is forced to close, which may lead to a denial-of-service condition, CISA said. The library function, malloc, is used to allocate a block of memory on the heap.
The unprotected product also has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition, the security agency added.