In June 2021, Microsoft released a security update for fixing a vulnerability related to a DCOM Server security feature bypassing CVE-2021-26414.
The patch fixes and strengthens the authentication used between DCOM clients and servers. Specifically, it phases in stronger authentication (RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) on the DCOM client. The new DCOM security level required by OPC Classic clients is Packet Integrity; this level of integrity ensures that none of the data transferred between the client and server has been modified. Once implemented, this change will cause connection failures between many OPC clients and remote OPC servers.
Microsoft strongly recommends to conduct testing in the environment and implement security enhancements as soon as possible. In case any issues are identified during testing, it is necessary to contact the vendor of the affected client or server software for an update or workaround before the release of the March 2023 update.
More details about managing this change are available in Microsoft KB5004442.
N3uron’s OPC DA Client module is not affected by this security upgrade since it already supports The Package Integrity Authentication Level.
Alternatives
In order to use this new security level, it must be implemented in the client application. If the client application is not updated to support Package Integrity Authentication Level, those users that still want to keep on using their OPC Classis Servers may use a N3uron node to connect to those Classic OPC Servers and expose the data through any of the available protocols in the platform, such as OPC UA Server, MQTT Client, Sparkplug Client, REST API Server, etc.
If you need us to help you with this issue, don’t hesitate to send us an email at [email protected].
For further information, visit www.n3uron.com and download the fully-functional trial version.
