OPC Foundation UA Products Built with .NET Framework

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPC Foundation Equipment: OPC UA Servers Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could trigger a stack overflow. 3. TECHNICAL DETAILS 3.1...

Privilege Escalation

OPC UA Clients and Servers built with the OPC UA .NET Standard stack is vulnerable to privilege escalation. The vulnerability exists because that it allows a rogue application to establish a secure connection using invalid certificates...

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...

Privilege escalation

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...

CVE-2020-29457

CVE-2020-29457 reports a Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 that could allow a rogue application to establish a secure connection. Connected sources describe improper certificate validation, enabling connections using invalid certificates, affecting OPC UA...

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection...

OPC Foundation UA.NET Standard Trust Management Issue Vulnerability

OPC Foundation UA.NET Standard is a set of Unified Architecture standards from the OPC Foundation Opc Foundation for the development of OPC UA applications. A trust management issue vulnerability exists in OPC UA .NET Standard Stack 1.4.363.107, which allows an attacker to establish a connection...

(Pwn2Own) OPC Foundation UA .NET Standard CreateSessionRequest Race Condition Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack ...

Code injection

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...

CVE-2019-19135

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network...

CVE-2019-19135

CVE-2019-19135 concerns the OPC Foundation OPC UA .NET Standard stack (version 1.4.357.28) where servers do not generate sufficiently random numbers before 1.4.359.31. This weakness can allow a remote attacker to perform a MITM and reuse encrypted user credentials sent over the network. Public do...

OPC UA applications can allow a remote attacker to determine a Server's private key

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

Code injection

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...

CVE-2018-7559

The CVE-2018-7559 issue affects OPC UA .NET Standard/Legacy Stack and Sample Code, where remote attackers can determine a server’s private key by sending specially crafted bad UserIdentityTokens as part of an oracle attack. Public details reference GitHub commits before 2018-04-12 (Standard) and ...

CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending...