ZDI-20-536: (Pwn2Own) OPC Foundation UA .NET Standard CreateSessionRequest Race Condition Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OPC Foundation Unified Architecture .NET Standard |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-20-536?
The severity of ZDI-20-536 is considered high due to its potential to cause denial-of-service conditions.
How do I fix ZDI-20-536?
To fix ZDI-20-536, ensure that you apply the latest patches provided by OPC Foundation for the UA .NET Standard software.
Who is affected by ZDI-20-536?
ZDI-20-536 affects installations of OPC Foundation UA .NET Standard software.
What impact does ZDI-20-536 have on systems?
ZDI-20-536 can lead to a denial-of-service condition, disrupting the availability of affected systems.
Is authentication required to exploit ZDI-20-536?
No, authentication is not required to exploit the vulnerability identified in ZDI-20-536.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-536
- alias/ZDI-CAN-10295
- alias/CVE-2020-8867
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/opc foundation
- canonical/opc foundation unified architecture .net standard