FAQ: Are products in the zenon product family affected by the vulnerability, labelled BlastRADIUS?

FAQ: Are products in the zenon product family affected by the vulnerability, labelled BlastRADIUS?

The vulnerability labelled BlastRADIUS is a vulnerability in the RADIUS protocol, also known under the reference CVE-2024-3596

The zenon IIoT Services Identity Service supports an Identity Provider for authentication against RADIUS server, that can be used to authenticate a user in the IIoT Services and the Service Engine.

The RADIUS Identity Provider makes use of the Message Authenticator attribute in the RADIUS communication, which prevents the vulnerability from the client perspective. Also the response timeout for the RADIUS communication is set at 3 seconds, which provides little opportunity for a successful collision attack by a MitM attacker. 

To further minimize the risk associated with this vulnerability, COPA-DATA recommends to detect and / or protect the local network against MitM attacks, have strong network traffic filtering in place and segment the network to contain potential breaches.

The zenon Software Platform provides different solutions for authentication in the zenon Service Engine and the IIoT Services. These include local user management, integration with Active Directory, Identity Service users, and other identity providers that are not affected by Blast-RADIUS.