Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Opcfoundation Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-31048 1 Opcfoundation 1 Ua-.netstandard 2023-12-18 N/A 5.3 MEDIUM
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
CVE-2021-45117 1 Opcfoundation 1 Ua-nodeset 2022-05-10 4.3 MEDIUM 6.5 MEDIUM
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
CVE-2020-29457 1 Opcfoundation 1 Ua-.netstandard 2021-03-26 2.1 LOW 4.4 MEDIUM
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
CVE-2018-7559 1 Opcfoundation 2 Ua-.net-legacy, Ua-.netstandard 2019-06-10 3.5 LOW 5.3 MEDIUM
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
CVE-2018-12087 1 Opcfoundation 2 Ua-.net-legacy, Ua-.netstandard 2019-01-14 2.1 LOW 5.3 MEDIUM
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
CVE-2017-17443 1 Opcfoundation 1 Local Discovery Server 2018-08-08 4.0 MEDIUM 6.5 MEDIUM
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired.