Vulnerabilities > Opcfoundation

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-03-21 | CVE-2021-45117 | NULL Pointer Dereference vulnerability in multiple products | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. | network | low | opcfoundation, siemens | CWE-476 | 6.5 |
| 2021-08-27 | CVE-2021-40142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | network | low | opcfoundation, siemens | CWE-119 | 7.5 |
| 2021-05-20 | CVE-2021-27432 | Unspecified vulnerability in Opcfoundation Ua-.Net-Legacy and UA .Net Standard Stack | OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | network | low | opcfoundation | | 7.5 |
| 2021-02-16 | CVE-2020-29457 | Improper Certificate Validation vulnerability in Opcfoundation Ua-.Netstandard | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. | local | low | opcfoundation | CWE-295 | 4.4 |
| 2020-04-22 | CVE-2020-8867 | Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. | network | low | opcfoundation | CWE-613 | 7.5 |
| 2020-03-16 | CVE-2019-19135 | Use of Insufficiently Random Values vulnerability in Opcfoundation Netstandard.Opc.Ua and Ua-.Netstandard | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | network | high | opcfoundation | CWE-330 | 7.4 |
| 2018-10-03 | CVE-2018-12087 | Improper Certificate Validation vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-.Netstandard | Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | | low | opcfoundation | CWE-295 | 5.3 |
| 2018-09-14 | CVE-2018-12585 | XXE vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-Java | An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | network | low | opcfoundation | CWE-611 | 8.2 |
| 2018-09-14 | CVE-2018-12086 | Out-of-bounds Write vulnerability in multiple products | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | network | low | opcfoundation, debian | CWE-787 | 7.5 |
| 2018-06-14 | CVE-2017-12070 | Improper Input Validation vulnerability in Opcfoundation Ua-.Net-Legacy 1.02.336.0 | Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | network | low | opcfoundation | CWE-20 | 8.8 |