CVE-2022-33916
OPC Foundation UA .NET Standard BrowseRequest Missing Authentication Information Disclosure Vulnerability
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
OPC UA .NET Standard Reference Server versión 1.04.368, permite a un atacante remoto causar que la aplicación acceda a información confidencial.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA BrowseRequests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose information in the context of the service.
*Credits:
Uri Katz of Claroty Research
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-17 CVE Reserved
- 2022-08-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf | 2022-08-25 |
| URL | Date | SRC |
|---|---|---|
| https://opcfoundation.org | 2022-08-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opcfoundation Search vendor "Opcfoundation" | Ua .net Standard Stack Search vendor "Opcfoundation" for product "Ua .net Standard Stack" | 1.04.368 Search vendor "Opcfoundation" for product "Ua .net Standard Stack" and version "1.04.368" | - |
Affected
| ||||||