Opcfoundation: Security Vulnerabilities
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
CVSS Score
7.5
EPSS Score
0.01
Published
2024-05-07
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-12-12
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-05-15
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
CVSS Score
7.8
EPSS Score
0.001
Published
2022-11-17
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-08-23
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-06-16
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.022
Published
2022-06-16
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-06-16
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVSS Score
7.5
EPSS Score
0.013
Published
2022-06-16
OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-06-16
Page 1