Opcfoundation: Security Vulnerabilities
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-06-16
OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-06-16
OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-05-20
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
CVSS Score
6.5
EPSS Score
0.005
Published
2022-03-21
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-08-27
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-05-20
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-02-16
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.
CVSS Score
5.3
EPSS Score
0.017
Published
2020-04-22
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.
CVSS Score
7.4
EPSS Score
0.003
Published
2020-03-16
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-10-03