Latest Opcfoundation Vulnerabilities

CVE-2023-32787
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
Opcfoundation Ua Java Legacy<2023-04-28
Prosysopc Ua Historian<1.2.0
Prosysopc Ua Modbus Server<1.4.20
Prosysopc Ua Simulation Server<5.4.2
CVE-2023-31048
This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests that expose sensitive information. https://files.opc...
Opcfoundation Ua-.netstandard<1.4.371.86
CVE-2022-33916
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
Opcfoundation Ua .net Standard Stack=1.04.368
CVE-2022-29864
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
Opcfoundation Ua .net Standard Stack<1.4.368.58
CVE-2022-29866
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
Opcfoundation Ua .net Standard Stack<1.4.368.58
CVE-2022-29862
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
Opcfoundation Ua .net Standard Stack<1.4.368.58
CVE-2022-29865
OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
Opcfoundation Ua .net Standard Stack<1.4.368.58
CVE-2022-30551
OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.
Opcfoundation Ua-java=2022-04-01
CVE-2021-45117
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
Opcfoundation Ua-nodeset<1.05.01
Siemens Simatic Net Pc=14
Siemens Simatic Net Pc=15
Siemens Simatic Net Pc=16
Siemens Simatic Net Pc=17
Siemens Sitop Manager
and 1 more
CVE-2021-40142
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location ...
Opcfoundation Local Discover Server<1.04.402.463
Siemens Simatic Process Historian Opc Ua Server Firmware<2022
Siemens Simatic Process Historian Opc Ua Server Firmware=2022
Siemens Simatic Process Historian Opc Ua Server
Siemens Simatic Net Pc=14
Siemens Simatic Net Pc=15
and 6 more
CVE-2021-27432
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Opcfoundation Ua-.net-legacy
Opcfoundation Ua .net Standard Stack<1.4.365.48
CVE-2020-29457
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
Opcfoundation Ua-.netstandard<1.4.365.10
CVE-2020-8867
(Pwn2Own) OPC Foundation UA .NET Standard CreateSessionRequest Race Condition Denial-of-Service Vulnerability
Opcfoundation Unified Architecture .net-standard<=1.04.358.30
OPC Foundation UA .NET Standard
CVE-2019-19135
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle atta...
Opcfoundation Netstandard.opc.ua<1.4.359.31
Opcfoundation Ua-.netstandard=1.4.357.28
CVE-2018-12087
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
Opcfoundation Ua-.net-legacy>=1.03.342
Opcfoundation Ua-.netstandard>=1.4.353.15
CVE-2018-12585
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
Opcfoundation Ua-.net-legacy<=1.03.342
Opcfoundation Ua-java<=1.3.343
CVE-2018-12086
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
debian/wireshark
Opcfoundation Unified Architecture-.net-legacy<=1.03.342
Opcfoundation Unified Architecture-java<=1.03.343
Opcfoundation Unified Architecture .net-standard<=1.03.352.12
Opcfoundation Unified Architecture Ansic<=1.03.340
Debian Debian Linux=9.0
CVE-2017-12070
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
Opcfoundation Ua-.net-legacy=1.02.336.0
CVE-2017-11672
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to...
Opcfoundation Local Discovery Server<1.03.367
CVE-2018-7559
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in ...
Opcfoundation Ua-.net-legacy<=1.03.342
Opcfoundation Ua-.netstandard<=1.03.352.10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203