
13 matches found

ATTACKERKB
added 2026/01/19 3:52 p.m. | views: 1

CVE-2025-11043

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

CVSS: 9.1 | AI score: 5.5 | EPSS: 0.0003
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/19 3:52 p.m. | views: 14

CVE-2025-11043 Improper Server Certificate Validation in Automation Studio

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...

CVSS: 9.1 | EPSS: 0.0003
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:26 a.m. | views: 4

CVE-2019-13542

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00156
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 6:32 a.m. | views: 3

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer size...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01179
Exploits: 0 | References: 1
NVD
added 2024/01/16 7:15 p.m. | views: 11

CVE-2023-7234

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00114
Exploits: 0 | References: 2
Prion
added 2024/01/16 7:15 p.m. | views: 15

Design/Logic Flaw

OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00114
Exploits: 0 | References: 2
ICS
added 2022/05/10 12:0 a.m. | views: 45

Mitsubishi Electric MELSOFT GT OPC UA

1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: MELSOFT GT OPC UA Client. Vulnerabilities: Out-of-bounds Read, Integer Overflow or Wraparound. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.00463
Exploits: 0 | References: 5
Cvelist
added 2022/03/11 10:5 p.m. | views: 9

CVE-2021-42262

An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition...

AI score: 6.7 | EPSS: 0.0039
Exploits: 0 | References: 2
Cvelist
added 2021/11/10 10:43 p.m. | views: 15

CVE-2021-40871

An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted...

AI score: 7.6 | EPSS: 0.00628
Exploits: 0 | References: 2
Prion
added 2019/09/17 7:15 p.m. | views: 13

Null pointer dereference

3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00156
Exploits: 0 | References: 1 | Affected Software: 10
OSV
added 2018/10/16 7:51 p.m. | views: 11

GHSA-8336-MXP6-V5H9 Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00033
Exploits: 0 | References: 3
CVE
added 2018/10/03 6:0 p.m. | views: 76

CVE-2018-12087

OPC Foundation UA Client Applications are affected by CVE-2018-12087 due to failure to validate certificates in communications without security. This allows an attacker who controls a segment of the network infrastructure to decrypt passwords, indicating a confidentiality impact. The vulnerabilit...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00033
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2018/10/03 6:0 p.m. | views: 12

CVE-2018-12087

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

AI score: 5.2 | EPSS: 0.00033
Exploits: 0 | References: 1