Denial of Service (DoS)
Description
FreeOPCUA library all versions vulnerable to DoS via memory exhaustion by sending multiple CloseSession requests with deleteSubscription=False.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
All versions of the freeopcua OPC UA library are vulnerable to a Denial of Service (DoS) attack via excessive memory consumption. The vulnerability occurs when an attacker sends multiple CloseSession requests with the deleteSubscription parameter set to False. This bypasses the intended memory consumption limitations, leading to unbounded memory allocation. [1][2]
Exploitation
An attacker with network access to a vulnerable freeopcua server can exploit this vulnerability by sending a series of crafted CloseSession requests. No authentication or special privileges are required. The attacker simply needs to send multiple requests with deleteSubscription=False, causing the server to allocate memory for each request without proper cleanup. [1]
Impact
Successful exploitation results in memory exhaustion on the server, leading to a Denial of Service (DoS). The server becomes unresponsive, disrupting legitimate OPC UA communications and potentially affecting industrial control systems relying on the library. [1]
Mitigation
As of the publication date, no fixed version of freeopcua is available. The vendor has been notified [2]. Administrators should consider implementing network-level restrictions, such as rate limiting or filtering of excessive CloseSession requests, and monitor memory usage on affected systems. If possible, switching to an alternative OPC UA library may be advisable. [1]
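As an added example (not code from the advisory or from the freeopcua project), the detection side of the mitigation above: a Python check that scans constructed, hypothetical server log lines and flags any client that sends several CloseSession requests with deleteSubscriptions=False inside a short window. The log format, the client addresses, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in a hypothetical format (not freeopcua's own logging).
# deleteSubscriptions is the OPC UA CloseSessionRequest field the CVE text calls deleteSubscription.
SAMPLE_LOG = """\
2026-05-26T10:00:00 client=10.0.0.7 msg=CreateSession
2026-05-26T10:00:01 client=10.0.0.7 msg=CloseSession deleteSubscriptions=True
2026-05-26T10:00:02 client=10.0.0.9 msg=CloseSession deleteSubscriptions=False
2026-05-26T10:00:03 client=10.0.0.9 msg=CloseSession deleteSubscriptions=False
2026-05-26T10:00:04 client=10.0.0.9 msg=CloseSession deleteSubscriptions=False
2026-05-26T10:00:05 client=10.0.0.9 msg=CloseSession deleteSubscriptions=False
2026-05-26T10:05:00 client=10.0.0.11 msg=CloseSession deleteSubscriptions=False
2026-05-26T10:20:00 client=10.0.0.11 msg=CloseSession deleteSubscriptions=False
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) msg=(?P<msg>\S+)"
    r"(?: deleteSubscriptions=(?P<ds>True|False))?$"
)

def parse_line(line):
    """Return (timestamp, client, msg, deleteSubscriptions) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ds = None if m["ds"] is None else (m["ds"] == "True")
    return datetime.fromisoformat(m["ts"]), m["client"], m["msg"], ds

def flag_clients(log_text, threshold=3, window_seconds=60):
    """Return {client: count} for clients that sent at least `threshold` CloseSession
    requests with deleteSubscriptions=False inside any `window_seconds`-wide window.
    Lines that do not match the format are skipped."""
    recent = defaultdict(deque)  # client -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, msg, ds = parsed
        if msg != "CloseSession" or ds is not False:
            continue  # only the variant that leaves subscriptions allocated counts
        q = recent[client]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged
```

The same sliding-window count can drive a rate limit in front of the server, and pairing the alert with the memory-usage monitoring the advisory recommends confirms whether the pattern is actually exhausting memory.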
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- freeopcua/freeopcua
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- github.com/FreeOpcUa/freeopcua/issues/391
- security.snyk.io/vuln/SNYK-UNMANAGED-FREEOPCUAFREEOPCUA-2988720
News mentions
No linked articles in our index yet.