Opcfoundation

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-42513 1Opcfoundation 1Ua .net Standard Stack Oct 2, 2025 Feb 10, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.
CVE-2024-42512 1Opcfoundation 1Ua .net Standard Stack Sep 29, 2025 Feb 10, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.
CVE-2023-27321 1Opcfoundation 1Ua .netstandard Aug 14, 2025 May 7, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Fo...Show more OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.Show less
CVE-2023-31048 1Opcfoundation 1Ua .netstandard Nov 21, 2024 Dec 12, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
CVE-2023-32787 2Opcfoundation Prosysopc 4Ua Historian Ua Java LegacyUa Modbus Server+1 more Nov 21, 2024 May 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
CVE-2022-44725 1Opcfoundation 1Local Discovery Server Apr 29, 2025 Nov 17, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privileg...Show more OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).Show less
CVE-2022-33916 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Aug 23, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
CVE-2022-29866 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Jun 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
CVE-2022-29864 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Jun 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
CVE-2022-29863 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Jun 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
CVE-2022-29865 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Jun 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
CVE-2022-29862 1Opcfoundation 1Ua .net Standard Stack Nov 21, 2024 Jun 16, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVE-2022-30551 1Opcfoundation 1Ua Java Nov 21, 2024 May 20, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.
CVE-2021-45117 2Opcfoundation Siemens 4Simatic Net Pc Sitop ManagerTelecontrol Server Basic+1 more Nov 21, 2024 Mar 21, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
CVE-2021-40142 2Opcfoundation Siemens 7Local Discover Server Simatic Net PcSimatic Process Historian Opc Ua Server Firmware+4 more Nov 21, 2024 Aug 27, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a B...Show more In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.Show less
CVE-2021-27432 1Opcfoundation 2Ua .net Legacy Ua .net Standard Stack Nov 21, 2024 May 20, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2020-29457 1Opcfoundation 1Ua .netstandard Nov 21, 2024 Feb 16, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
CVE-2020-8867 1Opcfoundation 1Unified Architecture .net Standard Nov 21, 2024 Apr 22, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. T...Show more This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.Show less
CVE-2019-19135 1Opcfoundation 2Netstandard.opc.ua Ua .netstandard Nov 21, 2024 Mar 16, 2020 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encry...Show more In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.Show less
CVE-2018-12087 1Opcfoundation 2Ua .net Legacy Ua .netstandard Nov 21, 2024 Oct 3, 2018 N/A· v4 5.3 MEDIUM· v3 2.1 LOW· v2 Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.

12 Next