Filtered by vendor Opcfoundation
Subscribe
Search
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29866 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | |||||
| CVE-2022-29863 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. | |||||
| CVE-2022-29864 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | |||||
| CVE-2022-29865 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | |||||
| CVE-2022-29862 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message. | |||||
| CVE-2022-30551 | 1 Opcfoundation | 1 Ua-java | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | |||||
| CVE-2021-40142 | 1 Opcfoundation | 1 Local Discover Server | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | |||||
| CVE-2019-19135 | 1 Opcfoundation | 2 Netstandard.opc.ua, Ua-.netstandard | 2021-07-21 | 5.8 MEDIUM | 7.4 HIGH |
| In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | |||||
| CVE-2021-27432 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua .net Standard Stack | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
| CVE-2018-12086 | 2 Debian, Opcfoundation | 5 Debian Linux, Unified Architecture-.net-legacy, Unified Architecture-java and 2 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |||||
| CVE-2020-8867 | 1 Opcfoundation | 1 Unified Architecture .net-standard | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295. | |||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2018-11-27 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
| CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | |||||
| CVE-2017-11672 | 1 Opcfoundation | 1 Local Discovery Server | 2018-08-07 | 7.2 HIGH | 7.8 HIGH |
| The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | |||||