Windows DCOM Security Updates

Hello

I am trying to determine if Microsoft's planned security updates will affect Citect.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26414

The Matrikon white paper on the updates suggests systems with only local connections would not be affected. Has Citect done any testing on this?

Would communications be affected for separate redundant Vijeo 7.50 SP1 servers with OPC IODevices that are local to their respective servers? I do not know if Citect has cross talk between Prim OPC Client and Sec OPC server.

Thank you

  • Hi Jacob,

    As per the MS timeline for rolling out this security update:

    June 8, 2021 - Hardening changes disabled by default but with the ability to enable them using a registry key.
    Q1 2022 - Hardening changes enabled by default but with the ability to disable them using a registry key.
    Q2 2022 - Hardening changes enabled by default with no ability to disable them. By this point, you must resolve any compatibility issues with the hardening changes and applications in your environment.

    In the coming update (maybe Feb or March security update), the DCOM hardening will be enabled by default.

    The DCOM hardening has been tested with Citect and both the OPC DA Client and OPC DA Server are not affected by this update. They work as per normal.

    The OPC A&E Server does not officially support DCOM.

  • Thank you for the confirmation, Olivier.

  • No worries. It sounds like your IOServer/IODevice was connecting to the OPC Server locally anyway, so it would have been COM for the interface. Unless the standby IODevice OPC Board form has the remote machine name defined, in which case, it will use DCOM.
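
To confirm on a given machine what the replies above describe, the following added example (not part of the thread and not Citect code) reports whether the DCOM hardening registry override is set and lists any DCOM hardening events from the last week. The registry value name and event IDs 10036-10038 come from Microsoft's KB5004442 guidance for CVE-2021-26414, not from this thread; the function names are hypothetical.

```powershell
# Added example, not from the thread. Run on the OPC server and on any
# machine that connects to it remotely (for example a standby IODevice).
$key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
$name = 'RequireIntegrityActivationAuthenticationLevel'

function Get-DcomHardeningOverride {
    # Describes the registry override from the rollout timeline, if one is set.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'Not set: behaviour follows the default of the installed update'
    }
    $value = $prop.$name
    if ($value -eq 1) { return 'Override = 1: hardening explicitly enabled' }
    if ($value -eq 0) { return 'Override = 0: hardening explicitly disabled (ignored once the final phase is installed)' }
    return "Unexpected value: $value"
}

function Get-DcomHardeningEvents {
    # Returns DCOM hardening events logged in the System log in the last $Days days.
    param([int]$Days = 7)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036, 10037, 10038
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises a non-terminating error when nothing matches; suppress it.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, MachineName, Message
}

"Hardening override: $(Get-DcomHardeningOverride)"
$events = @(Get-DcomHardeningEvents -Days 7)
if ($events.Count -eq 0) {
    'No DCOM hardening events (10036-10038) in the last 7 days.'
} else {
    $events | Sort-Object TimeCreated | Format-List
}
```

Event 10036 is logged on the DCOM server side and 10037/10038 on the client side; the message text names the application or client involved, which helps identify a remote OPC connection that still needs attention before the override can no longer be disabled.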
