Exele OPC Products and Hardening DCOM Changes (KB5004442)

Exele OPC Products and Hardening DCOM Changes (KB5004442)

November 2021 (updated February 2023)

Introduction

“OPC Classic” is the term for OPC technology that relies on DCOM.

Due to a vulnerability detailed in CVE-2021-26414, Microsoft released a security update in June 2021 which will change the level of DCOM security required between OPC Classic clients and remote OPC servers. Once implemented, this change will cause connection failures between many OPC clients and remote OPC servers. This security update will become permanent in March 2023.

Details of managing this change are available in Microsoft KB5004442.

Windows DCOM Security change

The new DCOM security level required by OPC Classic clients is “Packet Integrity” which authenticates and verifies that the transferred data has not been modified. In order to use this new DCOM security level, it must be implemented in the client application. If the client application does not currently support Packet Integrity Authentication Level, updates from the OPC client vendor must be obtained to support Packet Integrity.

Which OPC clients will not be affected by this change?

The following OPC classic clients/servers are not affected by this change:

  • OPC clients and servers on the same machine
  • OPC clients that implement Packet Integrity authentication level
  • Remote OPC clients and servers that use an OPC tunneller if the tunneller makes local OPC connections on both machines

How are Exele OPC client products affected by this change?

OPC client products installed before January 2022 may not implement the required client security level “Packet Integrity”, depending on when the installation was downloaded. We have created a patch to address this issue for the affected versions.

The following product versions include the patch (no further action is required):

  • TopView version 6.37 and later
  • OPCcalc version 4.7 and later

The installation for TopView v6.36 has been updated to include the patch.

Patching will be available for customers with an active Software Support Agreement. To obtain the patch users can send an email to support@exele.com requesting the “Exele DCOM security 2021 patch”. Please include your current product license file.

The patch can be applied to the following Exele OPC products:

  • TopView OPC/SCADA and OPC A&E versions 6.25.3 through 6.36
  • OPCcalc versions 4.5 and 4.6

Earlier versions of TopView and OPCcalc will need to be upgraded to a version that supports or includes the patch.

Read the full details of this change and impact on Exele OPC products