1307 matches found
CVE-2026-6899
CVE-2026-6899 affects the CycloneCrypto wrapper in the S2OPC library. The check for certificate revocation only reviews the first matching CRL and ignores other valid CRLs for the same CA, potentially allowing a revoked certificate to establish a connection between an OPC UA client and server. No...
S2OPC OPC UA Toolkit 安全漏洞
S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit contains a security vulnerability. This vulnerability stems from the CycloneCrypto encryption wrapper, where certificate revocation checks only consider the first...
CVE-2025-11482
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
CVE-2025-11482
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
EUVD-2025-209928
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
CVE-2025-11482
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
B&R PPT30 Operating System
SUMMARY B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. 2. FREQUENTLY ASKED QUESTIONS What causes the vulnerability? - The vulnerability...
Wireshark 2.4.x < 2.4.10 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.10. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.10 advisory. - In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was...
Exploit for Uncontrolled Resource Consumption in Opcfoundation Ua-.Netstandard
OPC UA Authentication Challenge Gateway CDDC 2026 | Modular...
CVE-2021-27434
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior .NET 4.5, 4.0, and 3.5 Framework versions only are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow...
ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing
It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
PT-2026-20411
Name of the Vulnerable Software and Affected Versions Rexroth IndraWorks OPC.Testclient versions prior to 15V24 Description A flaw exists in the OPC.Testclient utility, included within Rexroth IndraWorks, that allows an attacker to execute arbitrary code on a user’s system. This is achieved by...
EUVD-2026-3213
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...
CVE-2025-11043
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...
CVE-2025-11043 Improper Server Certificate Validation in Automation Studio
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...