Opcfoundation: >> Ua-.net-Legacy Security Vulnerabilities
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-05-20
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-10-03
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
CVSS Score
8.2
EPSS Score
0.006
Published
2018-09-14
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-06-14
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-06-13