Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-veh9-tpze-yyd1
Vulnerability ID VCID-veh9-tpze-yyd1
Aliases CVE-2022-33916
GHSA-mw9h-hcp7-fgc6
Summary Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
epss 0.00327 https://api.first.org/data/v1/epss?cve=CVE-2022-33916
cvssv3.1 5.3 https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf
generic_textual MODERATE https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mw9h-hcp7-fgc6
cvssv3.1 5.3 https://github.com/OPCFoundation/UA-.NETStandard
generic_textual MODERATE https://github.com/OPCFoundation/UA-.NETStandard
cvssv3.1 5.3 https://github.com/OPCFoundation/UA-.NETStandard/commit/313aa2a2499d8690cf719a67176e131517bb8b78
generic_textual MODERATE https://github.com/OPCFoundation/UA-.NETStandard/commit/313aa2a2499d8690cf719a67176e131517bb8b78
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-33916
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-33916
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-33916
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf
https://github.com/OPCFoundation/UA-.NETStandard
https://github.com/OPCFoundation/UA-.NETStandard/commit/313aa2a2499d8690cf719a67176e131517bb8b78
https://nvd.nist.gov/vuln/detail/CVE-2022-33916
https://opcfoundation.org
GHSA-mw9h-hcp7-fgc6 https://github.com/advisories/GHSA-mw9h-hcp7-fgc6
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-33916.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/OPCFoundation/UA-.NETStandard
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/OPCFoundation/UA-.NETStandard/commit/313aa2a2499d8690cf719a67176e131517bb8b78
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-33916
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.55618
EPSS Score 0.00327
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:06:44.690797+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-mw9h-hcp7-fgc6/GHSA-mw9h-hcp7-fgc6.json 38.0.0