CVE-2021-45117
https://notcve.org/view.php?id=CVE-2021-45117
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
• https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf
• https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-45117.pdf
• https://www.youtube.com/watch?v=qv-RBdCaV4k
• CWE-476: NULL Pointer Dereference
CVE-2021-40142
https://notcve.org/view.php?id=CVE-2021-40142
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
• https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
• https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf
• https://opcfoundation.org/security-bulletins
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-27432
https://notcve.org/view.php?id=CVE-2021-27432
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
• https://us-cert.cisa.gov/ics/advisories/icsa-21-133-03
• CWE-674: Uncontrolled Recursion
CVE-2020-29457
https://notcve.org/view.php?id=CVE-2020-29457
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
• https://github.com/OPCFoundation/UA-.NETStandard
• https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf
• https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua
• CWE-295: Improper Certificate Validation
CVE-2020-8867 – OPC Foundation UA .NET Standard CreateSessionRequest Race Condition Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-8867
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application.
• https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf
• https://www.zerodayinitiative.com/advisories/ZDI-20-536
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
• CWE-613: Insufficient Session Expiration