You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
opc ua security
About this tag
OPC UA security on WindowsForum.com covers vulnerabilities and best practices for securing OPC UA deployments in mixed IT/OT environments. Recent discussions focus on CVE-2025-11482, a denial-of-service flaw in B&R PPT30's OPC UA server, and CVE-2025-11043, a certificate validation issue in ABB Automation Studio. Both advisories, republished by CISA, highlight risks in industrial networks where Windows systems interact with operational technology. Topics include patch management, trust validation, and the broader implications of OPC UA security for Windows administrators managing engineering workstations, HMIs, and historians.
CISA on June 4, 2026 republished ABB’s advisory for CVE-2025-11482, a high-severity denial-of-service vulnerability in the OPC-UA server used by B&R PPT30 Operating System versions before 1.8.0 and in version 1.8.0 as an affected baseline now fixed by update guidance. The bug is not a Windows...
CISA republished ABB’s advisory for CVE-2025-11043 on May 5, 2026, warning that B&R Automation Studio versions before 6.5 improperly validate server certificates in OPC UA and ANSL-over-TLS client connections, enabling a network-positioned attacker to impersonate a trusted server. The bug is not...