« All blog posts

OPC UA Manger's Attack Exploit

25.10.2019


We were brought into attention of a known security vulnerability, called Manger’s Attack, that concerns all OPC UA server applications built with Prosys OPC UA SDK for Java. It is related to the Bouncy Castle library that the SDK uses for it’s security implementation by default.

The problem affects Bouncy Castle version 1.60 and earlier as described in the following discussion.

“If an adversary can iteratively submit a few thousands messages for decryption and detect the exception or the faster execution, s/he can decipher a ciphertext, or make a signature. The private key itself does not leak.”

In context of OPC UA communication, it concerns the used implementation of RSA OAEP during the creation of a Secure Channel (that is during the connection handshake) and thus all of the recommended security policies. With the help of Manger’s Attack an attacker can compromise the encryption between the client and server.

Prosys OPC UA products affected

The vulnerability affects directly:

  • All applications built with Prosys OPC UA SDK for Java 4.1.2 and earlier that are using Bouncy Castle version 1.60 or earlier
  • Prosys OPC UA Simulation Server 4.0.0 and earlier
  • Prosys OPC UA Modbus Server 1.3.2 and earlier
  • Prosys OPC UA Historian 1.0.0

Fixed products

The issue has been fixed in

  • Prosys OPC UA Simulation Server 4.0.2
  • Prosys OPC UA Modbus Server 1.3.4

It will also be fixed in Prosys OPC UA SDK for Java and Prosys OPC UA Historian in their next release.

For fixing the issue in the SDK yourself, see below.

If you are concerned about the issue in Prosys OPC UA products, but cannot update them, you will need to replace the existing Bouncy Castle libraries in the installation folder with the latest Bouncy Castle version targeting ‘JDK 1.5-1.8’. Note that you will also need to rename them similar to the existing libraries.

Fixing projects built with Prosys OPC UA SDK for Java

Bouncy Castle implementations have fixed the issue and we recommend all users of Prosys OPC UA SDK for Java to update their applications to always use the latest Bouncy Castle version. The current version at the time of this writing is 1.64 and there are now two variants of the library. One labelled for ‘JDK 1.5-1.8’, which is in practice without Java 9 module info (but which you can use in Java 9+ as well with class path, instead of module path) and one labelled for ‘JDK 1.5 onwards’ with Java 9 module info.

If you have used the Maven integration provided by the OPC UA SDK, you can use one of the following to define the dependency to Bouncy Castle version 1.64:

a) with Java 9 module info (retains the artifactId ‘bcpkix-jdk15on’)

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15on</artifactId>
            <version>1.64</version>
        </dependency>

b) without Java 9 module info (new artifactId ‘bcpkix-jdk15to18’)

         <dependency>
            <!-- 
            Remove the old dependencies to '*-jdk15on' 
            coming from the OPC UA SDK first.

            Verify that artifactId and version match to yours.
            -->
            <groupId>com.prosysopc.ua</groupId>
            <artifactId>prosys-opc-ua-sdk-client-server</artifactId>
            <version>4.1.2-876</version>
            <exclusions>
                <exclusion>
                    <groupId>org.bouncycastle</groupId>
                    <artifactId>*</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcpkix-jdk15to18</artifactId>
            <version>1.64</version>
        </dependency>

See also: Bouncy Castle release notes, which don’t actually mention this fix.

Android applications

The SDK is not using Bouncy Castle in Android. Instead, it looks for Spongy Castle, which is a special build of Bouncy Castle for Android. Unfortunately, Spongy Castle is not getting new updates any more, so we cannot provide an update to that either, although it would be required to fix this issue.

On the other hand, we analyzed that the problem concerns mainly server applications and since Android applications are typically client applications, they should not be affected.

There is also interesting discussion about the future of Spongy Castle that gives hints how to use Bouncy Castle in Android as well.

More security information

You will find the currently announced security issues in Prosys OPC products from the blog under the #Security tag.

You might also like to read about the OPC UA Security Process of the OPC Foundation.

Jouni Aro profile photo

Jouni Aro

Chief Technology Officer

Email: jouni.aro@prosysopc.com

Expertise and responsibility areas: OPC & OPC UA product development, project work and customer support

Tags: OPC UA, Security

comments powered by Disqus

About Prosys OPC Ltd

Prosys OPC is a leading provider of professional OPC software and services with over 20 years of experience in the field. OPC and OPC UA (Unified Architecture) are communications standards used especially by industrial and high-tech companies.

Read more about us »

Newest blog posts

Why Do Standards Matter in Smart Manufacturing?

The blog post discusses the importance of standards in smart manufacturing, envisioning a future where auto-configurable systems in manufacturing rely on standardized data formats for seamless integration and reduced costs, with a focus on the OPC UA standard family as a key enabler.

OPC UA PubSub to Cloud via MQTT

Detailed overview of the demo presented at the OPC Foundation booth

SimServer How To #3: Simulate data changes on a server using an OPC UA client

A two-part step-by-step tutorial on how to write data changes on an OPC UA server using an OPC UA client.

View all blog posts »