Vulnerabilities > Opcfoundation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-22 | CVE-2020-8867 | Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. | 5.0 |
| 2020-03-16 | CVE-2019-19135 | Insufficiently Protected Credentials vulnerability in Opcfoundation Netstandard.Opc.Ua and Ua-.Netstandard In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | 5.8 |
| 2018-09-14 | CVE-2018-12585 | XXE vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-Java An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | 6.4 |
| 2018-09-14 | CVE-2018-12086 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | 5.0 |
| 2018-06-14 | CVE-2017-12070 | Improper Input Validation vulnerability in Opcfoundation Ua-.Net-Legacy 1.02.336.0 Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | 6.8 |
| 2018-06-13 | CVE-2017-17443 | Improper Input Validation vulnerability in Opcfoundation Local Discovery Server 1.03.370 OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. | 4.0 |