Advisories

DCOM Hardening

• Microsoft DCOM Hardening (CVE-2021-26414, KB5004442) Technical Resources
• TOP Server / KEPServerEX and DCOM Hardening (CVE-2021-26414, KB5004442)
• OmniServer and DCOM Hardening (CVE-2021-26414, KB5004442)
• Cogent DataHub and DCOM Hardening (CVE-2021-26414, KB5004442)
• OPC Router and DCOM Hardening (CVE-2021-26414, KB5004442)
• OPC Data Client Applications and DCOM Hardening (CVE-2021-26414, KB5004442)
• OPC Data Logger and DCOM Hardening (CVE-2021-26414, KB5004442)
• OPC Quick Client and DCOM Hardening (CVE-2021-26414, KB5004442)
• Software Toolbox OPC Test Client and DCOM Hardening (CVE-2021-26414, KB5004442)
• SLIK-DA OPC Server Toolkit and DCOM Hardening (CVE-2021-26414, KB5004442)

See less ▼

2024

• CVE-2024-6098 / ICSA-24-228-11 KEPServer, TOP Server ControlLogix Automatic Tag Generation Vulnerability
• CVE-2024-38095 Fixed in OPC Data Client and Excel Connector Maintenance Release (Aug 8, 2024)
• NEW ADVISORY (Updated: 04/19/2024) - KEPServerEX V5 Known Licensing Issues
• Possibility for Incompatible Hardware Key Drivers on Windows 10/11 for OmniServer and SLIK-DA

2023

• ICSA-23-208-02, CVE-2023-3825 Vulnerability Report regarding KEPServer-EX and TOP Server 6.0 to 6.14, Resolved in 6.15
• ICSA-23-334-03, CVE-2023-5908 & 5909 Vulnerability Report regarding KEPServer-EX and TOP Server 6.0 to 6.14, Resolved in 6.15
• OmniServer Trusted OPC UA Client Certificates Require SHA-256 Algorithm

2022

• NIST Advisory CVE-2022-2274 - OpenSSL 3.0.4 Vulnerability - How are Software Toolbox Products Affected?
• CVE-2022-1096 Google V8 Open Source JavaScript Engine Vulnerability
• NIST Advisory CVE-2022-3602/2022-3786 - OpenSSL V3.0.0-V3.0.6 Vulnerability - How are Software Toolbox Products Affected?
• Cybersecurity & Infrastructure Security Agency (CISA) Reports Vulnerabilities in TOP Server OPC UA server interface for all Releases Prior to V6.12.325.0
• Cybersecurity & Infrastructure Security Agency (CISA) Alert AA22-103A (aka PIPEDREAM) and Software Toolbox OPC UA Server Products
• ZDI-CAN-16596 Connectivity Explorer File Vulnerability

See less ▼

2021

• CVE-2021-44228 log4j Vulnerability - Software Toolbox products NOT Affected
• National Institute of Standards and Technology (NIST) Reports Vulnerability in Components used in OmniServer OPC UA server interface

2020

• Cybersecurity & Infrastructure Security Agency (CISA) Reports Vulnerability in TOP Server OPC UA server interface for all V6.x Releases
• CISA Advisory ICSA-20-352-03 - PTC Kepware LinkMaster Incorrect Default Permissions Vulnerability (NIST CVE-2020-13535)
• EKANS Malware Awareness and Guidance

2018

• Meltdown and Spectre Vulnerability Guidance for Operations Technology (OT) professionals - (US CERT VU#584653,TA18-004A)
• OmniServer Event Log and/or IO Monitor is blank after installing Meltdown/Spectre Patches
• Problems making OPC DA connections using the TOP Server OPC DA Client Driver after applying Meltdown/Spectre Patches
• Quick Client unable to browse or connect after Meltdown/Spectre Patches

2015 and older

• OpenSSL Security Vulnerabilities and OPC UA
• Does the Heartbleed security issue affect TOP Server?
• Does the Heartbleed security issue affect OmniServer?
• ICSA-13-234-02 - ICS-CERT Advisory for TOP Server DNP3 Client Suite Drivers Only (NIST Reference CVE-2013-2804)
• Wonderware Cyber Security Notice ID LFSEC00000038 and ICS-CERT Vulnerability ICS-ALERT-12-136-01 for SuiteLink
• Wonderware SuiteLink Users - Wonderware Hotfix L00117361

See less ▼