Team82 Finds Critical Flaws in OPC Protocol Implementations

Team82/Claroty disclosed multiple critical vulnerabilities in widely used OPC protocol implementations from Softing, Kepware PTC, and Matrikon Honeywell; the flaws include heap and stack overflows, use-after-free, out-of-bounds reads, and resource exhaustion that can cause denial-of-service, sensitive data leaks, and in some cases remote code execution. Affected products and versions are listed and vendors (and ICS-CERT) have published fixes and mitigation guidance—organizations using these OPC components or OEM products that embed them are advised to assess exposure and apply updates immediately.