Vulnerabilities > CVE-2020-8867 - Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

opcfoundation

CWE-613

NVD

Published: 2020-04-22

Updated: 2020-04-29

Summary

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.

Vulnerable Configurations

Part	Description	Count
Application	Opcfoundation Opcfoundation Unified Architecture .Net Standard 1.03.350 Opcfoundation Unified Architecture .Net Standard 1.03.350.6 Opcfoundation Unified Architecture .Net Standard 1.03.351.7 Opcfoundation Unified Architecture .Net Standard 1.03.352.10 Opcfoundation Unified Architecture .Net Standard 1.03.352.12 Opcfoundation Unified Architecture .Net Standard 1.04.353.15 Opcfoundation Unified Architecture .Net Standard 1.04.354.23 Opcfoundation Unified Architecture .Net Standard 1.04.358.30	8

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References