Timing Attack

Overview OPCFoundation.NetStandard.Opc.Ua is a package that contains the OPC UA reference implementation and is targeting the .NET Standard Library. Affected versions of this package are vulnerable to Timing Attack when using the deprecated Basic128Rsa15 security policy disabled by default. This...

Server Performance Degradation

OPCFoundation/UA-.NETStandard is vulnerable to Server Performance Degradation. The vulnerability is due to improper handling of requests with invalid credentials, which allows a remote attacker to degrade server performance gradually...

GHSA-4Q2P-HWMR-QCXC OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability

A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a...

OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability

A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a...

Information Disclosure

opcfoundation.netstandard.opc.ua is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly validate permissions if the client requests DiagnosticInfo, which allows an attacker to send malicious requests that expose sensitive information through log...

Denial Of Services (DoS)

OPCFoundation.NetStandard.Opc.Ua.Server is vulnerable to Denial Of Services DoS. The vulnerability exists due to the uncontrolled resource consumption in the library, which allows an attacker to send malicious requests that consume all memory available to the server, leading to an application cra...

Information Disclosure

opcfoundation.netstandard.opc.ua.server is vulnerable to information disclosure. A remote unauthenticated attacker is able to gain access to sensitive user information due to the improper access controls in diagnostic nodes...

Denial Of Service (DoS)

OPCFoundation.NetStandard.Opc.Ua is vulnerable to denial of service. The vulnerability exists due to improper configuration of maximum chunk count which allows malicious clients to cause an application crash via a carefully crafted message...

Denial Of Service (DoS)

OPCFoundation.NetStandard.Opc.Ua is vulnerable to denial of service. The vulnerability exists due to the lack of maximum chunk count check-in request and response messages, allowing malicious clients or servers to cause a peer to hang with a carefully crafted message sent during secure channel...

GHSA-VHFW-V69P-CRCW Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core

A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks...

CVE-2021-40142

In OPC Foundation Local Discovery Server LDS before 1.04.402.463, remote attackers can cause a denial of service DoS by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer...

CVE-2017-12070

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code...