Opcfoundation
Products
11- 5 CVEs
- 5 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12070 | Hig | 0.57 | 8.8 | 0.01 | Jun 14, 2018 | Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | ||
| CVE-2017-12069 | Hig | 0.54 | 8.2 | 0.03 | Aug 30, 2017 | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1),… | ||
| CVE-2018-12585 | Hig | 0.53 | 8.2 | 0.02 | Sep 14, 2018 | An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | ||
| CVE-2017-11672 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2018 | The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | ||
| CVE-2024-33862 | Hig | 0.42 | 7.5 | 0.01 | Jul 5, 2024 | A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could… | ||
| CVE-2017-17443 | Med | 0.42 | 6.5 | 0.01 | Jun 13, 2018 | OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system… | ||
| CVE-2024-45526 | Med | 0.34 | 5.3 | 0.00 | Oct 22, 2024 | An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually. | ||
| CVE-2023-27321 | 0.00 | — | 0.01 | May 7, 2024 | OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required… | |||
| CVE-2022-44725 | 0.00 | — | 0.00 | Nov 17, 2022 | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | |||
| CVE-2021-40142 | 0.00 | — | 0.03 | Aug 27, 2021 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | |||
| CVE-2021-27432 | 0.00 | — | 0.02 | May 20, 2021 | OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||
| CVE-2021-27434 | 0.00 | — | 0.02 | May 20, 2021 | Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||
| CVE-2020-8867 | 0.00 | — | 0.03 | Apr 22, 2020 | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions.… |
- risk 0.57cvss 8.8epss 0.01
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
- risk 0.54cvss 8.2epss 0.03
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1),…
- risk 0.53cvss 8.2epss 0.02
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
- risk 0.51cvss 7.8epss 0.00
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.
- risk 0.42cvss 7.5epss 0.01
A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could…
- risk 0.42cvss 6.5epss 0.01
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system…
- risk 0.34cvss 5.3epss 0.00
An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually.
- CVE-2023-27321May 7, 2024risk 0.00cvss —epss 0.01
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required…
- CVE-2022-44725Nov 17, 2022risk 0.00cvss —epss 0.00
OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
- CVE-2021-40142Aug 27, 2021risk 0.00cvss —epss 0.03
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
- CVE-2021-27432May 20, 2021risk 0.00cvss —epss 0.02
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
- CVE-2021-27434May 20, 2021risk 0.00cvss —epss 0.02
Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
- CVE-2020-8867Apr 22, 2020risk 0.00cvss —epss 0.03
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions.…