VYPR
High severity · NVD Advisory · Published Jun 16, 2022 · Updated Aug 3, 2024

CVE-2022-29865

Description

OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2022-29865 allows a remote attacker to bypass application authentication in the OPC UA .NET Standard Stack using crafted fake credentials.

Vulnerability Overview

The OPC UA .NET Standard Stack, an OPC Foundation reference implementation for OPC Unified Architecture on .NET platforms, contains an authentication bypass vulnerability tracked as CVE-2022-29865. The flaw lies in the incorrect implementation of the authentication algorithm, which allows a remote attacker to craft fake credentials that bypass the application's authentication check entirely [1][3][4].

Exploitation and Attack Surface

This vulnerability can be exploited remotely over the network, requiring no prior authentication or user interaction. The attack targets the UA-TCP or HTTPS transport layers used by OPC UA applications built on the affected .NET Standard Stack. An attacker with network access to an OPC UA server can send specially crafted authentication tokens that the stack incorrectly validates as legitimate [2][4].

Impact

Successful exploitation grants the attacker unauthorized access to the OPC UA server, bypassing all configured application-level authentication mechanisms. This could allow the attacker to read or manipulate process data, issue commands to industrial control systems, or disrupt operations, depending on the server's configuration and the privileges associated with the bypassed authentication [3][4].

Mitigation Status

The OPC Foundation released a security bulletin and the project maintainers have addressed the issue in subsequent versions of the UA-.NETStandard Stack. Users are advised to update to the patched version as recommended in the official advisory. No workarounds are currently documented, and the vulnerability is not yet known to be exploited in the wild [3][4].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | < 1.4.368.58 | 1.4.368.58

Affected products: 2

Patches: 0. No patches discovered yet.

References: 6
