Security Process

Unified Automation is committed to secure software development and to constant security improvement. The approach to reaching this goal has many aspects. Its foundation is a solid development process that we follow to create, deliver and maintain software of the highest quality.

Secure Software Development

The software tools, applications and libraries are developed following a defined procedure that includes the following fundamental steps:

  • Good programming style
  • Secure software development life cycle
  • Static code analysis using various tools
  • Extended unit and component tests, industrial system test
  • Security analysis and fuzz testing
  • OPC Foundation certification test (CTT) and interoperability test (IOP)

Security Response Team

In addition, we have a team of experts that monitors security issues as they arise. The team follows a process for analysing, classifying and resolving reported issues in a timely fashion. The team publishes vulnerability reports and informs customers that may use affected products.

Security Bulletins - Vulnerability Reports

Depending on the outcome of the in-depth analysis, we decide whether to inform only our customers or to make the security report publicly available. Vulnerability reports that are disclosed to the general public can be found here:

| Date Published | CVE Number | Brief Description | Report Status |
|---|---|---|---|
| April 9, 2014 | CVE-2014-0160 | Heartbleed Bug in OpenSSL | public |
| March 3, 2015 | CVE-2015-0286 | ASM1 Crash | restricted * |
| July 31, 2017 | CVE-2017-12069 | XML External Entity attack when using DTD | restricted * |
| March 8, 2018 | CVE-2018-7559 | UserAuthentication Token Exploit | public |
| May 18, 2018 | n/a | Kaspersky 17 zero-day Exploits | restricted * |
| July 01, 2018 | CVE-2018-12086 | Endless Recursion in DiagnosticInfo | public |
| July 01, 2018 | CVE-2018-12087 | Decrypt PWD sent by Client over insecure connection | restricted * |
| October 26, 2018 | n/a | Unexpected Request | restricted * |
| November 13, 2019 | n/a | Unquoted Service Path | restricted * |
| March 10, 2020 | CVE-2019-19135 | Insufficient ServerNonce | public |
| November 16, 2020 | CVE-2020-29457 | Multiple Error Suppression | restricted * |
| February 17, 2021 | | UPDATE: XML External Entity attack when using DTD | restricted * |
| February 17, 2021 | CVE-2021-27432 | Endless Recursion in XML Structures | restricted * |
| March 18, 2021 | CVE-2021-3450 | Strict Certificate Chain Validation | public |

* Restricted Security Bulletin (customers only) - request via Support Form