CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45526
https://notcve.org/view.php?id=CVE-2024-45526
22 Oct 2024 — An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33862
https://notcve.org/view.php?id=CVE-2024-33862
05 Jul 2024 — A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. Una vulnerabilidad de gestión del búfer en OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core anterior a 1.05.374.54 podría permitir ... • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31048
https://notcve.org/view.php?id=CVE-2023-31048
12 Dec 2023 — The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. El servidor de referencia estándar OPC UA .NET anterior a 1.4.371.86. coloca información confidencial en un mensaje de error que puede verse de forma remota. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32787 – Prosys OPC UA Simulation Server OpenSecureChannel Resource Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32787
15 May 2023 — The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. El OPC UA Legacy Java Stack anterior a 6f176f2 permite a un atacante bloquear aplicaciones del servidor OPC UA mediante el consumo incontrolado de recursos para que ya no puedan servir aplicaciones cliente. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of P... • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44725
https://notcve.org/view.php?id=CVE-2022-44725
17 Nov 2022 — OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). OPC Foundation Local Discovery Server (LDS) hasta 1.04.403.478 utiliza una ruta de archivo codificada para un archivo de configuración. Esto permite a un usuario normal crear un archivo malicioso que LDS carga (ejecutándose como un usuario con altos privilegios). • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33916 – OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-33916
05 Aug 2022 — OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. OPC UA .NET Standard Reference Server versión 1.04.368, permite a un atacante remoto causar que la aplicación acceda a información confidencial. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ... • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29863
https://notcve.org/view.php?id=CVE-2022-29863
16 Jun 2022 — OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. OPC UA .NET Standard Stack versión 1.04.368 ,permite a un atacante remoto causar un bloqueo por medio de un mensaje diseñado que desencadena una asignación de memoria excesiva • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2022-29862
https://notcve.org/view.php?id=CVE-2022-29862
16 Jun 2022 — An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message. Un bucle infinito en OPC UA .NET Standard Stack versión 1.04.368, permite a un atacante remoto causar a la aplicación colgarse por medio de un mensaje diseñado • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2022-29864 – OPC Foundation UA .NET Standard Resource Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-29864
16 Jun 2022 — OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. OPC UA .NET Standard Stack versión 1.04.368, permite a un atacante remoto causar el bloqueo de un servidor por medio de un gran número de mensajes que desencadenan un Consumo Descontrolado de Recursos This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard.... • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29865 – OPC Foundation UA .NET Standard Improper Input Validation Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-29865
16 Jun 2022 — OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. OPC UA .NET Standard Stack permite a un atacante remoto eludir la comprobación de autenticación de la aplicación por medio de credenciales falsas diseñadas This vulnerability allows remote attackers to bypass authentication on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29865.pdf • CWE-287: Improper Authentication •