10000-002: Security - Change Log
Released 2025-01-14
- 0009874: [Spec] Need to Address ARP Poisoning and Spanning Tree Protocol (STP) attacks (Paul Hunkar)
- 0009351: [Spec] Race conditions for user contexts after the handover of a session to a new user. (Paul Hunkar)
- 0009363: [Spec] Proposal to add advanced security validation to the first hello/reverse hello message (Paul Hunkar)
- 0009606: [Spec] Part 2 could use more description of SKS functionality (Paul Hunkar)
- 0010362: [Spec] IEC requested text updates (to follow their rules) (Paul Hunkar)
- 0010318: [Spec] IEC requested updated to 62443 mapping (Paul Hunkar)
- 0010317: [Spec] IEC Feedback - sections of specification need to be updated to reflect current standards (Paul Hunkar)
- 0010316: [Spec] IEC updates for terms and Abbreviations (Paul Hunkar)
- 0010315: [Spec] IEC generated Reference Updates (Paul Hunkar)
9 issues View Issues
Released 2023-07-18
- 0009607: [Spec] Updated the 62443 mapping table (Paul Hunkar)
- 0006657: [Spec] Part 4 6.2 Authorization Services (Paul Hunkar)
- 0006912: [Spec] 5.1.11 Compromising user credentials (Paul Hunkar)
- 0008976: [Spec] Security level evaluation of the updated certificates compared to the endpoint should be specified (Paul Hunkar)
- 0006939: [Spec] Algorithm for KeyLifetime limits (min and max) for OPC UA PubSub /Part 14/ with AES-CTR (Paul Hunkar)
- 0006909: [Spec] 5.1.4 Message spoofing and 5.1.6 Message replay (Paul Hunkar)
- 0008012: [Spec] Restrictions on DiagnosticInfo.AdditionalInfo with unauthenticated Clients (Paul Hunkar)
- 0006918: [Spec] 7.3.3 Threats against a GDS (Paul Hunkar)
- 0006911: [Spec] 7.36.4 UserNameIdentityToken (Paul Hunkar)
- 0006754: [Spec] 8 Certificate management (Paul Hunkar)
- 0006599: [Spec] 8.1.4 GDS Certificate Management - Needs to Define CertificateGroups (Randy Armstrong)
- 0006899: [Spec] 4.5.3.3 Broker (Paul Hunkar)
- 0006921: [Spec] 4.12 Roles (Paul Hunkar)
- 0009350: [Spec] Update to Part 2 5.1.10 Rogue Server or Publisher (Paul Hunkar)
- 0006763: [Spec] 4.3 Security threats to OPC UA systems (Paul Hunkar)
- 0006874: [Spec] 4.3 Security threats to OPC UA systems - Downgrade attack should be added (Paul Hunkar)
- 0006876: [Spec] 4.3 Security threats to OPC UA systems - add message suppression (Paul Hunkar)
- 0006902: [Spec] 4.9 User Authentication (Paul Hunkar)
- 0006913: [Spec] 5.2.3 User Authentication (Paul Hunkar)
- 0009358: [Spec] Add a discussion on zero trust architectures (Paul Hunkar)
- 0006910: [Spec] 5.1.8 Server profiling (Paul Hunkar)
- 0006875: [Spec] 4.3.4 Message spoofing - affected security objectives are incomplete: Authenticity (Paul Hunkar)
- 0006496: [Spec] 4.8.2 There should be a definition of what is considered a security relevant setting for SecurityAdmin role (Paul Hunkar)
- 0009310: [Spec] Asymmetric Cryptography definition note wrong for ECC (Paul Hunkar)
- 0004647: [Spec] Add Discussion of ECC (Paul Hunkar)
- 0004681: [Spec] Add Support for ECC to UA Secure Conversation (Paul Hunkar)
- 0006879: [Spec] 4.5.2 Client / Server (Paul Hunkar)
- 0008702: [Spec] Move definition for SecureChannel from Part 2 to Part 1 (Paul Hunkar)
28 issues View Issues
Released 2022-09-29
- 0009023: [Spec] Reverse Connect: Denial of Service protection not clear (Paul Hunkar)
1 issue View Issues
Released 2022-06-30
- 0007255: [Spec] 6.13 Remove references to specific TLS versions (Paul Hunkar)
- 0006916: [Spec] 6.13 HTTPs, SSL/TLS & Websockets (Paul Hunkar)
- 0009013: [Spec] Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers (Paul Hunkar)
3 issues View Issues
Released 2022-06-29
- 0006297: [Spec] User Authentication or Authorization (Paul Hunkar)
- 0007202: [Spec] Need Discussion of Password (Paul Hunkar)
- 0006917: [Spec] 6.14 Reverse Connect (Paul Hunkar)
- 0006915: [Spec] 5.2.8 Availability (Paul Hunkar)
- 0008268: [Spec] would could -> would (Paul Hunkar)
- 0008287: [Spec] Numbering of section 8 is error (Paul Hunkar)
- 0006869: [Spec] 3.1.10 Authentication (Paul Hunkar)
7 issues View Issues
Released 2022-03-30
- 0006873: [Spec] Figure 1 - OPC UA network example (Paul Hunkar)
- 0007513: [Spec] rouge -> rogue (Paul Hunkar)
- 0006500: [Spec] Some disccussion of compromised credential handling may be appropriate. (Paul Hunkar)
- 0006253: [Spec] 5.1.11Compromising user credentials (Paul Hunkar)
- 0006908: [Spec] Table 1 - Security Reconciliation Threats Summary (Paul Hunkar)
- 0006906: [Spec] 5.1.1 Overview (Paul Hunkar)
- 0006598: [Spec] Section 6.2 Security in Part 4 should be called out. (Paul Hunkar)
- 0006904: [Spec] Figure 4 - Role overview (Paul Hunkar)
- 0006900: [Spec] 4.7 Security Profiles (Paul Hunkar)
- 0004364: [Spec] Typo (Paul Hunkar)
- 0006499: [Spec] Part 4 nconsistent with the objectives stated in Part 2 that include application authentication. (Paul Hunkar)
- 0006877: [Spec] 4.3.10 Rogue Server - wrong description. (Paul Hunkar)
- 0006920: [Spec] 8.1.4.2 Developers Certificate management (Paul Hunkar)
- 0006919: [Spec] 8.1.1 Overview (Paul Hunkar)
- 0005266: [Spec] Wording incorrect in 6.13 (Paul Hunkar)
- 0006914: [Spec] 5.2.5 Confidentiality (Paul Hunkar)
- 0005490: [Spec] 5.2.4 Authorization does not refer to standard OPC UA mechanisms (Paul Hunkar)
- 0006248: [Spec] Need Text on Client Flooding (Paul Hunkar)
- 0006871: [Spec] 3.1.42 SecurityGroup (Paul Hunkar)
- 0006870: [Spec] 3.1.21 Hash Function (Paul Hunkar)
- 0006868: [Spec] 3.1.1 Access Restriction (Paul Hunkar)
- 0007447: [Spec] Terms Should be PascalCase (Paul Hunkar)
- 0006878: [Spec] missing reference to ISA/IEC 62443 (Paul Hunkar)
- 0005361: [Spec] Editorial comments from IEC (Paul Hunkar)
- 0006903: [Spec] 4.12 Roles (Paul Hunkar)
- 0005716: [Spec] Check all references to Part 5 since it has been split into multiple Parts. (Paul Hunkar)
26 issues View Issues
Not Yet Released
- 0009023: [Spec] Reverse Connect: Denial of Service protection not clear (Paul Hunkar)
1 issue View Issues
Not Yet Released
- 0007255: [Spec] 6.13 Remove references to specific TLS versions (Paul Hunkar)
- 0006916: [Spec] 6.13 HTTPs, SSL/TLS & Websockets (Paul Hunkar)
- 0009013: [Spec] Unclear and/or misleading wording in the ECC Amendment - Need to describe the EccEncryptedSecret Signature for AEAD Ciphers (Paul Hunkar)
3 issues View Issues
Not Yet Released
- 0006297: [Spec] User Authentication or Authorization (Paul Hunkar)
- 0007202: [Spec] Need Discussion of Password (Paul Hunkar)
- 0006917: [Spec] 6.14 Reverse Connect (Paul Hunkar)
- 0006915: [Spec] 5.2.8 Availability (Paul Hunkar)
- 0008268: [Spec] would could -> would (Paul Hunkar)
- 0008287: [Spec] Numbering of section 8 is error (Paul Hunkar)
- 0006869: [Spec] 3.1.10 Authentication (Paul Hunkar)
7 issues View Issues
Not Yet Released
- 0006873: [Spec] Figure 1 - OPC UA network example (Paul Hunkar)
- 0007513: [Spec] rouge -> rogue (Paul Hunkar)
- 0006500: [Spec] Some disccussion of compromised credential handling may be appropriate. (Paul Hunkar)
- 0006253: [Spec] 5.1.11Compromising user credentials (Paul Hunkar)
- 0006908: [Spec] Table 1 - Security Reconciliation Threats Summary (Paul Hunkar)
- 0006906: [Spec] 5.1.1 Overview (Paul Hunkar)
- 0006598: [Spec] Section 6.2 Security in Part 4 should be called out. (Paul Hunkar)
- 0006904: [Spec] Figure 4 - Role overview (Paul Hunkar)
- 0006900: [Spec] 4.7 Security Profiles (Paul Hunkar)
- 0004364: [Spec] Typo (Paul Hunkar)
- 0006499: [Spec] Part 4 nconsistent with the objectives stated in Part 2 that include application authentication. (Paul Hunkar)
- 0006877: [Spec] 4.3.10 Rogue Server - wrong description. (Paul Hunkar)
- 0006920: [Spec] 8.1.4.2 Developers Certificate management (Paul Hunkar)
- 0006919: [Spec] 8.1.1 Overview (Paul Hunkar)
- 0005266: [Spec] Wording incorrect in 6.13 (Paul Hunkar)
- 0006914: [Spec] 5.2.5 Confidentiality (Paul Hunkar)
- 0005490: [Spec] 5.2.4 Authorization does not refer to standard OPC UA mechanisms (Paul Hunkar)
- 0006248: [Spec] Need Text on Client Flooding (Paul Hunkar)
- 0006871: [Spec] 3.1.42 SecurityGroup (Paul Hunkar)
- 0006870: [Spec] 3.1.21 Hash Function (Paul Hunkar)
- 0006868: [Spec] 3.1.1 Access Restriction (Paul Hunkar)
- 0007447: [Spec] Terms Should be PascalCase (Paul Hunkar)
- 0006878: [Spec] missing reference to ISA/IEC 62443 (Paul Hunkar)
- 0005361: [Spec] Editorial comments from IEC (Paul Hunkar)
- 0006903: [Spec] 4.12 Roles (Paul Hunkar)
- 0005716: [Spec] Check all references to Part 5 since it has been split into multiple Parts. (Paul Hunkar)
26 issues View Issues
Released 2013-08-06
- 0002748: [Spec] Discovery - Security Discussion (Paul Hunkar)
- 0003022: [Spec] Add discussion on X509 hash strength/security profiles and the need to have multiple X509 per applications. (Paul Hunkar)
- 0002751: [Spec] Certificate generation - security discussion (Paul Hunkar)
- 0002546: [Spec] Add comment about this DOS vulnerability (Paul Hunkar)
- 0002749: [Spec] FindserversOnNetwork - security discussion (Paul Hunkar)
- 0002750: [Spec] General GDS - security discussion (Paul Hunkar)
- 0002747: [Spec] MultiCast DNS - security discussion (Paul Hunkar)
- 0002959: [Spec] Include a discussion of keylength ranges (Paul Hunkar)
- 0002963: [Spec] Add information about the importance of good entropy (Paul Hunkar)
- 0002960: [Spec] PKCS # 1 v1.5 and known attackes discussion required (Paul Hunkar)
- 0002746: [Spec] Certificate generation (Paul Hunkar)
- 0002066: [Spec] Minor Text Updates requested (Paul Hunkar)
12 issues View Issues
Released 2013-08-06
- 0002748: [Spec] Discovery - Security Discussion (Paul Hunkar)
- 0003022: [Spec] Add discussion on X509 hash strength/security profiles and the need to have multiple X509 per applications. (Paul Hunkar)
- 0002751: [Spec] Certificate generation - security discussion (Paul Hunkar)
- 0002546: [Spec] Add comment about this DOS vulnerability (Paul Hunkar)
- 0002749: [Spec] FindserversOnNetwork - security discussion (Paul Hunkar)
- 0002750: [Spec] General GDS - security discussion (Paul Hunkar)
- 0002747: [Spec] MultiCast DNS - security discussion (Paul Hunkar)
- 0002959: [Spec] Include a discussion of keylength ranges (Paul Hunkar)
- 0002963: [Spec] Add information about the importance of good entropy (Paul Hunkar)
- 0002960: [Spec] PKCS # 1 v1.5 and known attackes discussion required (Paul Hunkar)
- 0002746: [Spec] Certificate generation (Paul Hunkar)
- 0002066: [Spec] Minor Text Updates requested (Paul Hunkar)
12 issues View Issues
Released 2010-06-01
- 0002238: Audit management (Paul Hunkar)
- 0002237: Program related issues (Paul Hunkar)
- 0002236: Alarm / Dialog related issues (Paul Hunkar)
- 0002235: Behaviour of server if multiple bad connection requests are encountered (Paul Hunkar)
- 0002234: Audit records should be restricted to administrators (Paul Hunkar)
- 0002233: Security algorithm expiration (Paul Hunkar)
- 0002232: Certification vs security (Paul Hunkar)
- 0002231: Security related terms are missing definitions (Paul Hunkar)
- 0002171: Administrator boundry (Paul Hunkar)
- 0002133: Need to state that only validated CryptoAlgorithms will be used. (Paul Hunkar)
10 issues View Issues
Released 2010-06-01
- 0002238: Audit management (Paul Hunkar)
- 0002237: Program related issues (Paul Hunkar)
- 0002236: Alarm / Dialog related issues (Paul Hunkar)
- 0002235: Behaviour of server if multiple bad connection requests are encountered (Paul Hunkar)
- 0002234: Audit records should be restricted to administrators (Paul Hunkar)
- 0002233: Security algorithm expiration (Paul Hunkar)
- 0002232: Certification vs security (Paul Hunkar)
- 0002231: Security related terms are missing definitions (Paul Hunkar)
- 0002171: Administrator boundry (Paul Hunkar)
- 0002133: Need to state that only validated CryptoAlgorithms will be used. (Paul Hunkar)
10 issues View Issues
