A free tool helps industrial organizations find OPC UA (Open Platform Communications United Architecture) misconfigurations and vulnerabilities that could expose them to cyberattacks.
OPC UA is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). While the protocol is highly useful, it can also pose a serious risk to organizations.
The new tool, named OpalOPC, was developed by Finland-based cybersecurity and data privacy company Molemmat Oy.
OpalOPC, described as a vulnerability scanner for OPC UA applications, is recommended for developers, auditors, security testers and engineers, and system integrators. It provides a graphical user interface as well as a command-line interface.
The tool, available for both Windows and Linux, is free for non-profit projects and organizations whose revenue does not exceed $1 million.
Organizations with an annual revenue of more than $1 million are required to pay for the tool. A monthly license costs €239 ($255), while a yearly license costs €2,388 ($2,550), for a single installation.
Its creator says the tool is still in early development — new checks and other features will be added in the future and there may be bugs that need to be fixed.
An OPC UA server that has been intentionally configured with insecure settings has been set up to enable users to test OpalOPC.
Related: New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding
Related: New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
Related: Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition