PT-2026-43234

An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...

CVE-2025-60035

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...

ABB B&R Automation Studio

SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. Successful exploitation of this vulnerability may enable an attacker to masquerade as a trusted party when B&R Automation Studio establishes...

PT-2026-3449

Name of the Vulnerable Software and Affected Versions Automation Studio versions prior to 6.5 Description An Improper Certificate Validation issue exists in the OPC-UA client and ANSL over TLS client. This could allow an unauthenticated attacker on the network to intercept and interfere with data...

CVE-2025-7390

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication...

PT-2025-34191 · Unknown · Opc.Https Server

Name of the Vulnerable Software and Affected Versions: opc.https server affected versions not specified Description: A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. Recommendations: ...

[SECURITY] Fedora 41 Update: open62541-1.4.13-1.fc41

open62541 is a C-based library linking with C++ projects is possible with all necessary tools to implement dedicated OPC UA clients and servers, or to integrate OPC UA-based communication into existing applications...

The vulnerability of the LockOpcSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the LockOpcSettings method in the software for managing and monitoring remote devices in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...

The vulnerability of the OPC Server implementation in MIR and SCADA systems, related to the transmission of data in an open manner, allows attackers to disclose protected information.

The vulnerability of the OPC Server implementation and the MIIR SCADA system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

Schneider Electric EcoStruxure Control Expert、EcoStruxure Process Expert和OPC Factory Server 输入验证错误漏洞

Schneider Electric EcoStruxure Control Expert formerly known as Unity Pro, among others, is a product of Schneider Electric, France.Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller products. Schneider Electric EcoStruxure...

OPC UA.NET Standard 安全漏洞

OPC UA.NET Standard is a set of Unified Architecture standards from the OPC Foundation of America for the development of OPC UA applications. A security vulnerability exists in OPC UA .NET Standard. An attacker exploiting the vulnerability could consume all available resources on the server...

Softing OPC UA C++ SDK Security Vulnerability

The Softing OPC UA C++ SDK is a development kit from Softing Germany. It is used to quickly and easily integrate OPC UA clients and servers. A security vulnerability exists in versions of Softing OPC UA C++ SDK prior to V1.30, which stems from an uncaught exception issue that may cause the...

The vulnerability lies in the implementation of OPC UA software methods for connection integration with the Softing OPC UA C++ SDK, as well as the Secure Integration Server data integration tool. This allows attackers to execute arbitrary code.

The vulnerability of the implementation of OPC UA software for connectivity integration with Softing OPC UA C++ SDK lies in the incorrect path name limitation for accessing the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the OPC UA Server software for integration systems and automation devices in industrial applications allows a perpetrator to trigger a service failure.

The vulnerability of the OPC UA Server software for integration systems and automation devices in industrial applications is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, arises from the absence of quotation marks in the syntax of elements or search paths. This allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the data exchange server between automation systems and devices, using the OPC AO-OPC standard, is related to the absence of quotation marks in the syntax of elements or search paths. Exploiting this vulnerability allows attackers to execute arbitrary code and increase their...

The vulnerabilities of the software implementations of OPC UA methods for integrating communication with the Softing OPC UA C++ SDK, the data integration tool Softing edgeAggregator, and the software modules for connecting controllers such as Softing edgeConnector Modbus, Softing edgeConnector 840D, and Softing edgeConnector Siemens, allow attackers to cause service interruptions.

The vulnerability of the implementation of OPC UA software for connection integration with Softing OPC UA C++ SDK, the data integration tool Softing edgeAggregator, and the software modules for connecting controllers such as Softing edgeConnector Modbus, Softing edgeConnector 840D, and Softing...

The vulnerability of the Ethernet interfaces of Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory, allowing attackers to cause system failures.

The vulnerability of the Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures using specially created OPC packets...

The vulnerability of the OPC UA node-opcua software implementation, related to incorrect resource cleanup or release, allows a perpetrator to trigger a service failure.

The vulnerability of the OPC UA node-opcua software implementation is related to incorrect cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

The vulnerabilities of opcua and asyncua libraries are related to uncontrolled resource consumption, which allows attackers to cause service failures.

The vulnerability of opcua and asyncua libraries is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

The vulnerability of implementations of data transfer specifications in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy lies in the uncontrolled recursion involved. This allows attackers to trigger service failures.

The vulnerability of data transmission implementations in industrial networks using OPC UA .NET Standard and OPC UA .NET Legacy is related to uncontrolled recursion. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...