Opcfoundation: Security Vulnerabilities
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-06-14
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-06-13
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-06-13
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-06-13
Page 3