To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.

中文翻译：

---

评估 OPC UA 部署的安全性

为了满足工业部署日益增长的安全需求，OPC UA 是第一个明确设计时考虑到安全性的工业协议之一。然而，安全地部署它需要对广泛的选项进行彻底的配置。因此，评估 OPC UA 部署及其配置的安全性对于确保安全操作是必要的，最重要的是确保工业流程的机密性和完整性。在这项工作中，我们展示了流行的 Metasploit 框架的扩展，以简化基于网络的 OPC UA 部署安全评估。为此，我们讨论了发现 OPC UA 服务器、测试其身份验证、获取其配置和检查漏洞的方法。最终，我们的工作使运营商能够验证其系统的（安全）配置并识别潜在的攻击媒介。