Known Vulnerabilities for products from Opcfoundation
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Opcfoundation".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-32787 json | The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource... | 7.5 - HIGH | 2023-05-15 | 2024-04-02 |
| CVE-2023-31048 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-12-12 | 2023-12-18 |
| CVE-2022-44725 json | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This al... | 7.8 - HIGH | 2022-11-17 | 2022-11-22 |
| CVE-2022-33916 json | OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive informat... | 7.5 - HIGH | 2022-08-23 | 2022-08-25 |
| CVE-2022-30551 json | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted... | 7.5 - HIGH | 2022-05-20 | 2022-06-01 |
| CVE-2022-29866 json | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted reques... | 7.5 - HIGH | 2022-06-16 | 2022-06-27 |
| CVE-2022-29865 json | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentia... | 7.5 - HIGH | 2022-06-16 | 2022-06-27 |
| CVE-2022-29864 json | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that t... | 7.5 - HIGH | 2022-06-16 | 2022-06-27 |
| CVE-2022-29863 json | OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive mem... | 7.5 - HIGH | 2022-06-16 | 2022-06-27 |
| CVE-2022-29862 json | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a craf... | 7.5 - HIGH | 2022-06-16 | 2022-06-27 |
| CVE-2021-45117 json | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer der... | 6.5 - MEDIUM | 2022-03-21 | 2022-09-03 |
| CVE-2021-40142 json | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by s... | 7.5 - HIGH | 2021-08-27 | 2022-09-03 |
| CVE-2021-27432 json | OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursi... | 7.5 - HIGH | 2021-05-20 | 2021-06-01 |
| CVE-2020-29457 json | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a ... | 4.4 - MEDIUM | 2021-02-16 | 2021-03-26 |
| CVE-2020-8867 json | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundatio... | 7.5 - HIGH | 2020-04-22 | 2020-04-29 |
| CVE-2019-19135 json | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundatio... | 7.4 - HIGH | 2020-03-16 | 2021-07-21 |
| CVE-2018-12585 json | An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | 8.2 - HIGH | 2018-09-14 | 2018-11-27 |
| CVE-2018-12087 json | Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers wit... | 5.3 - MEDIUM | 2018-10-03 | 2019-01-14 |
| CVE-2018-12086 json | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests... | 7.5 - HIGH | 2018-09-14 | 2020-08-24 |
| CVE-2018-7559 json | An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy... | 5.3 - MEDIUM | 2018-06-13 | 2019-06-10 |
Known software with vulnerabilities from Opcfoundation
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Opcfoundation | Local Discovery Server | 1.03.355 |
| Application | Opcfoundation | Netstandard.opc.ua | 1.4.355.26 |
| Application | Opcfoundation | Ua-.net-legacy | 1.02.336 |
| Application | Opcfoundation | Ua-.netstandard | 1.03.350 |
| Application | Opcfoundation | Ua-java | 1.02.337.8 |
| Application | Opcfoundation | Unified Architecture-.net-legacy | 1.02.336 |
| Application | Opcfoundation | Unified Architecture-java | 1.02.337.8 |
| Application | Opcfoundation | Unified Architecture .net-standard | 1.03.350 |
| Application | Opcfoundation | Unified Architecture Ansic | 1.03.340 |