Whom should I inform about the current issue with the default certificates in WinCC OA?
- Everyone responsible for the operation, the security or the engineering of a project.
- System Integrators?
Yes. Even if they are no longer responsible for certain projects.
They should be aware that they should create project specific certificates in every – especially new – projects and not use the provided default ones, espcially not in production.
- End customers?
Yes, as well. Eventually they are responsible for the security of their operations.
By using our default certificates - which are mainly provided for convenience and to increase security after installation - the level of security is diminished.