4 OPC UA security architecture ToC Previous Next

4.3 Security threats to OPC UA systems ToC Previous Next

4.3.9 Session hijacking ToC Previous Next

An attacker may use information (retrieved by sniffing the communication or by guessing) about a running Session established between two applications to inject manipulated Messages (with valid session information) that allow him or her to take over the Session from the authorized user.

An attacker may gain unauthorized access to data or perform unauthorized operations.

Session hijacking impacts all of the security objectives.

See 5.1.9 for the reconciliation of this threat.

Previous Next