Exele OPC Products and Hardening DCOM Changes (KB5004442)

Exele OPC Products and Hardening DCOM Changes (KB5004442)

November 2021 (updated June 2022)

Introduction

“OPC Classic” is the term for OPC technology that relies on DCOM.

Due to a vulnerability detailed in CVE-2021-26414, Microsoft released a security update in June 2021 which will change the level of DCOM security required between OPC Classic clients and remote OPC servers. Once implemented, this change will cause connection failures between many OPC clients and remote OPC servers.

Details of managing this change are available in Microsoft KB5004442.

Windows DCOM Security change

The new DCOM security level required by OPC Classic clients is “Packet Integrity” which authenticates and verifies that the transferred data has not been modified. In order to use this new DCOM security level, it must be implemented in the client application. If the client application does not currently support Packet Integrity Authentication Level, updates from the OPC client vendor must be obtained to support Packet Integrity.

Which OPC clients will not be affected by this change?

The following OPC classic clients/servers are not affected by this change:

How are Exele OPC client products affected by this change?

OPC client products installed before January 2022 may not implement the required client security level “Packet Integrity”, depending on when the installations were downloaded. We have created a patch to address this issue.

The installation for the current release of TopView v6.36 has been updated to include the patch. Later TopView versions will also support packet integrity.

Patching will be available for customers with an active Software Support Agreement. To obtain the patch users can send an email to support@exele.com requesting the “Exele DCOM security 2021 patch”. Please include your current product license file.

The patch can be applied to the following Exele OPC products:

Earlier versions of TopView and OPCcalc will need to be upgraded to a version that supports the patch.

Read the full details of this change and impact on Exele OPC products