VYPR
Vendor

Opcfoundation

Products
11
CVEs
13
Across products
16
Status
Private

Products

11

Recent CVEs

13
  • CVE-2017-12070HigJun 14, 2018
    risk 0.57cvss 8.8epss 0.01

    Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.

  • CVE-2017-12069HigAug 30, 2017
    risk 0.54cvss 8.2epss 0.03

    An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1),…

  • CVE-2018-12585HigSep 14, 2018
    risk 0.53cvss 8.2epss 0.02

    An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

  • CVE-2017-11672HigJun 13, 2018
    risk 0.51cvss 7.8epss 0.00

    The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.

  • CVE-2024-33862HigJul 5, 2024
    risk 0.42cvss 7.5epss 0.01

    A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could…

  • CVE-2017-17443MedJun 13, 2018
    risk 0.42cvss 6.5epss 0.01

    OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system…

  • CVE-2024-45526MedOct 22, 2024
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually.

  • CVE-2023-27321May 7, 2024
    risk 0.00cvss epss 0.01

    OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required…

  • CVE-2022-44725Nov 17, 2022
    risk 0.00cvss epss 0.00

    OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).

  • CVE-2021-40142Aug 27, 2021
    risk 0.00cvss epss 0.03

    In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

  • CVE-2021-27432May 20, 2021
    risk 0.00cvss epss 0.02

    OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

  • CVE-2021-27434May 20, 2021
    risk 0.00cvss epss 0.02

    Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.

  • CVE-2020-8867Apr 22, 2020
    risk 0.00cvss epss 0.03

    This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions.…