Secure OPC UA Industrial Systems with cnspec

Scan Linux-based industrial control systems via OPC UA with cnspec.

Scan your Linux-based industrial control systems through the OPC UA (Open Platform Communications Unified Architecture) protocol. cnspec evaluates server configuration, namespaces, and node hierarchy on industrial automation systems such as Phoenix Contact PLCnext controllers.

Prerequisites

To scan an OPC UA system with cnspec, you must have:

Connect to an industrial system

Provide the endpoint URL when opening a cnspec shell:

cnspec shell opcua --endpoint opc.tcp://HOST:PORT

Placeholder | Value
HOST | The industrial system hostname or IP address
PORT | The OPC UA server port (typically 4840)

For example, to connect to a PLCnext controller:

cnspec shell opcua --endpoint opc.tcp://192.168.1.50:4840

Scan an industrial system

cnspec scan opcua --endpoint opc.tcp://192.168.1.50:4840

Scan with the Mondoo Phoenix PLCnext Security policy

Mondoo maintains an out-of-the-box Phoenix Contact PLCnext Security policy that checks server configuration and node hygiene on PLCnext controllers and other OPC UA endpoints.

Mondoo Platform users: Enable the policy in your space. In the Mondoo App, go to Findings > Policies, search for "PLCnext", and add the policy. To learn more, read Manage Policies.

Open source users: Pass the policy bundle URL directly to cnspec:

cnspec scan opcua --endpoint opc.tcp://192.168.1.50:4840 \
  --policy-bundle https://raw.githubusercontent.com/mondoohq/cnspec/refs/heads/main/content/mondoo-phoenix-plcnext-security.mql.yaml
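
To cover several controllers, the scan command above can be driven from an inventory file. This added example (not part of cnspec or the Mondoo documentation) checks each `opc.tcp://HOST:PORT` entry first, so a mistyped line is reported rather than silently left unscanned. The function names, the `DRY_RUN` switch, and the sample hosts other than 192.168.1.50 are assumptions made for illustration.

```shell
# Added example: batch-scan a constructed inventory of OPC UA endpoints.
# POLICY_BUNDLE is the bundle URL from this page; the hosts below are sample data.
POLICY_BUNDLE="https://raw.githubusercontent.com/mondoohq/cnspec/refs/heads/main/content/mondoo-phoenix-plcnext-security.mql.yaml"

# Succeed only for opc.tcp://HOST:PORT (hostname or IPv4; IPv6 literals not handled).
valid_endpoint() {
  case "$1" in opc.tcp://*:*) ;; *) return 1 ;; esac
  hostport=${1#opc.tcp://}
  host=${hostport%:*}
  port=${hostport##*:}
  # Host: letters, digits, dots, hyphens only (rejects paths, userinfo, spaces).
  case "$host" in ""|*[!A-Za-z0-9.-]*) return 1 ;; esac
  # Port: digits only, no leading zero, at most 5 digits, at most 65535.
  case "$port" in ""|*[!0-9]*|0*) return 1 ;; esac
  [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# Scan each valid endpoint listed in file $1 (one per line, '#' for comments).
# DRY_RUN=1 (default) prints the cnspec command; DRY_RUN=0 executes it.
# Sets SCANNED (scans attempted) and REJECTED; fails if any line was rejected.
scan_inventory() {
  SCANNED=0 REJECTED=0
  while IFS= read -r ep || [ -n "$ep" ]; do
    case "$ep" in ""|\#*) continue ;; esac
    if ! valid_endpoint "$ep"; then
      echo "rejected: $ep" >&2
      REJECTED=$((REJECTED + 1))
      continue
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "cnspec scan opcua --endpoint $ep --policy-bundle $POLICY_BUNDLE"
    else
      # </dev/null keeps cnspec from consuming the rest of the inventory on stdin.
      cnspec scan opcua --endpoint "$ep" --policy-bundle "$POLICY_BUNDLE" </dev/null
    fi
    SCANNED=$((SCANNED + 1))
  done < "$1"
  [ "$REJECTED" -eq 0 ]
}

# Constructed inventory: two well-formed endpoints and two typos.
INVENTORY=$(mktemp)
cat > "$INVENTORY" <<'EOF'
opc.tcp://192.168.1.50:4840
opc.tcp://plc-line2.example.internal:4840
opc.tcp//192.168.1.51:4840
opc.tcp://192.168.1.52:48400000
EOF
scan_inventory "$INVENTORY" || echo "fix rejected lines: those controllers were not scanned" >&2
```

Run it as written to see the two commands that would be issued and the two rejected lines, then set `DRY_RUN=0` on a host where cnspec is installed.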

You can also create your own policies to meet your specific requirements.

Explore and test checks interactively

Retrieve OPC UA server information

cnspec> opcua.server
opcua.server: {
  ...
}

Retrieve all namespaces

cnspec> opcua.namespaces
opcua.namespaces: [
  0: opcua.namespace name="http://opcfoundation.org/UA/"
  ...
]

Retrieve the root node

cnspec> opcua.root
opcua.root: opcua.node id="i=84" name="Root"

List all nodes

cnspec> opcua.nodes
opcua.nodes: [
  0: opcua.node id="i=84" name="Root"
  1: opcua.node id="i=85" name="Objects"
  ...
]
