Original Issue Date: 23rd March 2007

MyCERT has received information from various reliable sources regarding regarding mutliple vulnerabilities found in various software implementing OPC (Ole Process Controller), which is a specification for a standard set of OLE COM objects for use in the process control and manufacturing fields.

OPC servers are often used in control systems (such as SCADA) to consolidate field and network device information.

We advise users to refer to the below advisories
http://www.kb.cert.org/vuls/id/926551
http://www.kb.cert.org/vuls/id/296593

We advise users to check at the below site for the latest advisories that will be released in the near future:

http://www.neutralbit.com/en/rd/advisories/

We would like to advise users and organizations to be vigilant and take the necessary precautions to secure the relevant system based on the above advisories.

MyCERT will constantly follow up on the vulnerabilities and users are encouraged to contact MyCERT should they have any queries on this alert.

MyCERT's Contact:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 (monitored during business hours)
Fax : +603 89453442 (monitored during business hours)
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

Postal : Malaysian Computer Emergency Response Team (MyCERT)
NISER (National ICT Security and Emergency Response Centre)
Level 7, SAPURA@MINES
7, Jalan Tasik, The Mines Resort City
43300 Seri Kembangan
Selangor Darul Ehsan] MALAYSIA