CVE-2023-31048
Description
The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The OPC UA .NET Standard Reference Server before 1.4.371.86 leaks sensitive information in error messages, potentially exposing it to remote attackers.
Vulnerability Overview
CVE-2023-31048 is an information disclosure vulnerability in the OPC UA .NET Standard Reference Server. The server includes sensitive information in error messages that are visible to remote clients. This issue exists in versions prior to 1.4.371.86. [1][3]
Attack Vector
An attacker can remotely trigger error conditions that cause the server to return error messages containing confidential data. No special privileges are required beyond the ability to connect to the OPC UA server. The vulnerability is exposed through the server's service calls, where error handling does not filter out sensitive details. [3][4]
Impact
Successful exploitation allows a remote attacker to obtain sensitive information from the server's error responses. This could include configuration details, internal state data, or other secrets that could aid further attacks against the system. The exact type of information exposed is not specified but is classified as sensitive. [1][2]
Mitigation
The vulnerability is fixed in version 1.4.371.86 of the OPC UA .NET Standard Reference Server. Users should update to this release or later. The fix was included in the "OPC UA 1.04 Maintenance Update" rollup. No workarounds are mentioned, so applying the update is recommended. [1][3]
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | < 1.4.371.86 | 1.4.371.86 |
| OPCFoundation.NetStandard.Opc.Ua.Server (NuGet) | < 1.4.371.86 | 1.4.371.86 |
Affected products
- .NET/.NET Standard Reference Server (source: description)
- ghsa-coords (2 versions): < 1.4.371.86
- (no CPE) range: < 1.4.371.86
- (no CPE) range: < 1.4.371.86
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-4cvp-hr63-822j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-31048 (ghsa, ADVISORY)
- files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf (ghsa, WEB)
- github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86 (ghsa, WEB)
- github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4cvp-hr63-822j (ghsa, WEB)