CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31048
https://notcve.org/view.php?id=CVE-2023-31048
The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. El servidor de referencia estándar OPC UA .NET anterior a 1.4.371.86. coloca información confidencial en un mensaje de error que puede verse de forma remota. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf https://github.com/OPCFoundation/UA-.NETStandard/releases https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32787 – Prosys OPC UA Simulation Server OpenSecureChannel Resource Exhaustion Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-32787
The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. El OPC UA Legacy Java Stack anterior a 6f176f2 permite a un atacante bloquear aplicaciones del servidor OPC UA mediante el consumo incontrolado de recursos para que ya no puedan servir aplicaciones cliente. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OpenSecureChannel messages. By sending a large number of requests, an attacker can consume all available resources on the server. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-32787.pdf https://github.com/OPCFoundation/UA-Java-Legacy https://github.com/OPCFoundation/UA-Java-Legacy/commit/6f176f2b445a27c157f1a32f225accc9ce8873c0 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44725
https://notcve.org/view.php?id=CVE-2022-44725
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). OPC Foundation Local Discovery Server (LDS) hasta 1.04.403.478 utiliza una ruta de archivo codificada para un archivo de configuración. Esto permite a un usuario normal crear un archivo malicioso que LDS carga (ejecutándose como un usuario con altos privilegios). • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-44725.pdf https://opcfoundation.org/developer-tools/samples-and-tools-unified-architecture/local-discovery-server-lds • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33916 – OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-33916
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. OPC UA .NET Standard Reference Server versión 1.04.368, permite a un atacante remoto causar que la aplicación acceda a información confidencial. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA BrowseRequests. The issue results from the lack of authentication prior to allowing access to functionality. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf https://opcfoundation.org •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29863
https://notcve.org/view.php?id=CVE-2022-29863
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. OPC UA .NET Standard Stack versión 1.04.368 ,permite a un atacante remoto causar un bloqueo por medio de un mensaje diseñado que desencadena una asignación de memoria excesiva • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf https://opcfoundation.org/security • CWE-770: Allocation of Resources Without Limits or Throttling •