
UaGateway DCOM with Microsoft DCOM hardening patch

Posted: 22 Dec 2022, 17:23
by jonathang
Dear Support Team,

Are there any known issues, concerns, or recommendations when using the UaGateway (OPC DA client to OPC UA Server) after installing and enabling the Microsoft DCOM hardening patch KB5004442?

More information:
  • Microsoft patch: https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
  • Possible issues: https://www.industrialcybersecuritypulse.com/strategies/the-permanent-microsoft-dcom-hardening-patch-could-shut-down-your-ics/?oly_enc_id=9130E1754601G1D
  • Press release from Software Toolbox: https://support.softwaretoolbox.com/app/answers/detail/a_id/4005/~/opc-data-client-applications-and-dcom-hardening-%28cve-2021-26414%2C-kb5004442%29

Sincerely,

Jonathan

Re: UaGateway DCOM with Microsoft DCOM hardening patch

Posted: 25 Dec 2022, 14:55
by Support Team
Hi,

Is this a theoretical question, or have you experienced any issues?

The DCOM hardening patch will NOT AFFECT the UaGateway because UaGateway is configured to run LOCAL ONLY connections without using DCOM.
UaGateway was designed to migrate classic OPC installations, but (of course) is intended to use secured OPC UA remotely (over the wire). The (potentially insecure) classic connections will be configured locally on the same PC only, where the hardening patch has no effect.

Therefore, if you have used UaGateway as intended, there will be no issues with the DCOM hardening patch from Microsoft.

See here how to configure UaGateway:
https://documentation.unified-automation.com/uagateway/1.5.12/html/limitations.html#limitations_only_local_dcom_connections

Re: UaGateway DCOM with Microsoft DCOM hardening patch

Posted: 18 Jan 2023, 15:12
by jonathang
Dear Support Team,

This is a theoretical question. We have multiple customers using the UaGateway and no one has reported any issues. We just wanted to be ready in case this topic came up.

Thank you very much for your answer.


Sincerely,

Jonathan