Ignition OPC and MS Update KB5004442 / CVE-2021-26414

Can you tell me if Ignition OPC communication is affected by CVE-2021-26414 and Microsoft Update KB5004442?

This is a DCOM server vulnerability. Ignition’s native OPC is OPC/UA, which does not use DCOM at all. If anything in an Ignition deployment would be vulnerable to this, it would be any Classic OPC service running alongside Ignition (OSI PI, old Kepware, RSLinx Classic, etc). You would need to check those products.

2 Likes

If you have any DCOM (OPC Classic) connections those servers may need a software update. We don’t think any update on Ignition is required.

OPC UA connections are not affected.

2 Likes

Thanks for the quick response!

Is it confirmed that Ignition’s OPC COM Module will not need an update of any kind?

1 Like

IA technical support has confirmed that no changes to the OPC-COM module are required. If the Windows Update affects communication between the Ignition OPC-COM module and a 3rd party OPC-DA server then the changes to resolve the issue will need to be made in 3rd party software (the OPC server and/or Windows DCOM settings).