
OPC UA Deep Dive Series (Part 9): Chaining Vulnerabilities to Exploit Softing OPC UA Integration Server

ID: e3b37b11-9cd0-57c6-9af7-8c3a738eee79

STIX ID: report--e3b37b11-9cd0-57c6-9af7-8c3a738eee79

Feed Name: Claroty Team82

Threat Score: 85/100

Date Published: 2024-01-30

Date Updated: 2026-04-17

Author: Uri Katz

Team82 provides a deep technical analysis and PoC of a chained set of vulnerabilities in Softing Secure Integration Server (and related products) that enable pre-auth remote code execution. The chain abuses OPC UA FileDirectory/FileType behaviors and address-space handling to assign filesystem paths and create files, and leverages an nginx/URI path traversal to write arbitrary XML files. It culminates in writing a DLL to C:\Windows\System32 and triggering WerFault to execute it. Softing has since released patches and advisories.
