opc ua security

About this tag
OPC UA security on WindowsForum.com covers vulnerabilities and best practices for securing OPC UA deployments in mixed IT/OT environments. Recent discussions focus on CVE-2025-11482, a denial-of-service flaw in B&R PPT30's OPC UA server, and CVE-2025-11043, a certificate validation issue in ABB Automation Studio. Both advisories, republished by CISA, highlight risks in industrial networks where Windows systems interact with operational technology. Topics include patch management, trust validation, and the broader implications of OPC UA security for Windows administrators managing engineering workstations, HMIs, and historians.
  1. CVE-2025-11482 OPC-UA DoS: CISA Republished B&R PPT30 Fix Guide (Windows/OT)

    CISA on June 4, 2026 republished ABB’s advisory for CVE-2025-11482, a high-severity denial-of-service vulnerability in the OPC-UA server used by B&R PPT30 Operating System versions before 1.8.0 and in version 1.8.0 as an affected baseline now fixed by update guidance. The bug is not a Windows...
  2. CVE-2025-11043: ABB Automation Studio Certificate Validation Flaw and OT Trust Risk

    CISA republished ABB’s advisory for CVE-2025-11043 on May 5, 2026, warning that B&R Automation Studio versions before 6.5 improperly validate server certificates in OPC UA and ANSL-over-TLS client connections, enabling a network-positioned attacker to impersonate a trusted server. The bug is not...