{"url":"http://public2.vulnerablecode.io/api/packages/144105?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.53","type":"nuget","namespace":"","name":"OPCFoundation.NetStandard.Opc.Ua.Core","version":"1.4.368.53","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.374.158","latest_non_vulnerable_version":"1.5.374.158","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11790?format=json","vulnerability_id":"VCID-53xw-2jd2-pugg","summary":"Security Update for the OPC UA .NET Standard Stack\nThis security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an\nunauthorized attacker to trigger a gradual degradation in performance.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45526","reference_id":"","reference_type":"","scores":[{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56746","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56783","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56835","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56839","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56803","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56834","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56831","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56806","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56745","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00341","scoring_system":"epss","scoring_elements":"0.56807","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45526"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:30:02Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-7vfh-cqpc-4267","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-7vfh-cqpc-4267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45526","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45526"},{"reference_url":"https://github.com/advisories/GHSA-7vfh-cqpc-4267","reference_id":"GHSA-7vfh-cqpc-4267","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vfh-cqpc-4267"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42284?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.118","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ue5w-bjqp-9kfc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.118"}],"aliases":["CVE-2024-45526","GHSA-7vfh-cqpc-4267"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53xw-2jd2-pugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54181?format=json","vulnerability_id":"VCID-9sgb-7afy-dbgm","summary":"Security Update for the OPC UA .NET Standard Stack\nA vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29862","reference_id":"","reference_type":"","scores":[{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74038","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74071","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74089","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74083","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74121","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.7413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74156","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74165","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74067","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29862"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29862"},{"reference_url":"https://github.com/advisories/GHSA-5q2v-6j86-5h9v","reference_id":"GHSA-5q2v-6j86-5h9v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5q2v-6j86-5h9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81565?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58"}],"aliases":["CVE-2022-29862","GHSA-5q2v-6j86-5h9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sgb-7afy-dbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54146?format=json","vulnerability_id":"VCID-a85p-s3vr-w3ht","summary":"Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29863","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7032","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7022","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70235","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70243","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7023","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70272","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70281","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70322","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.7018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70173","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29863"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29863.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-r7pq-3x6p-7jcm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-r7pq-3x6p-7jcm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29863","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29863"},{"reference_url":"https://github.com/advisories/GHSA-r7pq-3x6p-7jcm","reference_id":"GHSA-r7pq-3x6p-7jcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7pq-3x6p-7jcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81565?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58"}],"aliases":["CVE-2022-29863","GHSA-r7pq-3x6p-7jcm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a85p-s3vr-w3ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54142?format=json","vulnerability_id":"VCID-c3w3-gqx4-67cd","summary":"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29864","reference_id":"","reference_type":"","scores":[{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.79245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01245","scoring_system":"epss","scoring_elements":"0.7927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80356","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80367","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80385","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.8037","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80393","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80432","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01391","scoring_system":"epss","scoring_elements":"0.80327","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29864"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vhfw-v69p-crcw","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-vhfw-v69p-crcw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29864","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29864"},{"reference_url":"https://github.com/advisories/GHSA-vhfw-v69p-crcw","reference_id":"GHSA-vhfw-v69p-crcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhfw-v69p-crcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81565?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58"}],"aliases":["CVE-2022-29864","GHSA-vhfw-v69p-crcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c3w3-gqx4-67cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11852?format=json","vulnerability_id":"VCID-pmtm-p8gm-xkcp","summary":"Security Update for the OPC UA .NET Standard Stack\nThis security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase in memory consumption.","references":[{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-qm9f-c3v9-wphv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-qm9f-c3v9-wphv"},{"reference_url":"https://github.com/advisories/GHSA-qm9f-c3v9-wphv","reference_id":"GHSA-qm9f-c3v9-wphv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qm9f-c3v9-wphv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42424?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.54"}],"aliases":["GHSA-qm9f-c3v9-wphv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtm-p8gm-xkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29197?format=json","vulnerability_id":"VCID-ue5w-bjqp-9kfc","summary":"Security Update for the OPC UA .NET Standard Stack\nThis security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.\n\nNote that the Basic128Rsa15 is disabled by default so most users will not be affected. When this patch is applied the Server closes all channels using the Basic128Rsa15 if an attack is detected. This introduces a DoS before any compromise can occur which is preferable to a compromise. To prevent this failure, applications must stop using Basic128Rsa15.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42512","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10146","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10168","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10068","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10125","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13759","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1371","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13734","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13796","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13618","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13622","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13875","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42512"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42512.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T14:49:03Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42512.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/commit/3543d0292556691f681e39145e2de4526b90487d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/commit/3543d0292556691f681e39145e2de4526b90487d"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-h958-fxgg-g7w3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-h958-fxgg-g7w3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42512","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42512"},{"reference_url":"https://github.com/advisories/GHSA-h958-fxgg-g7w3","reference_id":"GHSA-h958-fxgg-g7w3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h958-fxgg-g7w3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70067?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.158","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.158"}],"aliases":["CVE-2024-42512","GHSA-h958-fxgg-g7w3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ue5w-bjqp-9kfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17790?format=json","vulnerability_id":"VCID-ur54-987z-5ue5","summary":"OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability\nA buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.5.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33862","reference_id":"","reference_type":"","scores":[{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70653","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70696","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70717","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70709","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70664","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70677","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70614","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.7063","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00644","scoring_system":"epss","scoring_elements":"0.70669","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33862"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T14:15:09Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/commit/52d4492ccc928f128e7a38857fdf58d94e1e652b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/commit/52d4492ccc928f128e7a38857fdf58d94e1e652b"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.5.374.54","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.5.374.54"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33862","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-33862"},{"reference_url":"https://github.com/advisories/GHSA-4q2p-hwmr-qcxc","reference_id":"GHSA-4q2p-hwmr-qcxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4q2p-hwmr-qcxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42424?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.54","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.5.374.54"}],"aliases":["CVE-2024-33862","GHSA-4q2p-hwmr-qcxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ur54-987z-5ue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17503?format=json","vulnerability_id":"VCID-wbtc-7rp8-1qbq","summary":"Exposure of Sensitive Information in OPC UA .NET Standard Reference Server\nThis security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows\nremote attackers to send malicious requests that expose sensitive information.\n\nhttps://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31048","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6106","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61128","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61136","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61123","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61135","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61148","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61106","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61125","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-31048"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:41:59Z/"}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31048","reference_id":"CVE-2023-31048","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-31048"},{"reference_url":"https://github.com/advisories/GHSA-4cvp-hr63-822j","reference_id":"GHSA-4cvp-hr63-822j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cvp-hr63-822j"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4cvp-hr63-822j","reference_id":"GHSA-4cvp-hr63-822j","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4cvp-hr63-822j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57462?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.371.86","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.371.86"}],"aliases":["CVE-2023-31048","GHSA-4cvp-hr63-822j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtc-7rp8-1qbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54214?format=json","vulnerability_id":"VCID-yfz2-kug9-hkcy","summary":"Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that\n-  allows a malicious client or server to bypass the application authentication mechanism\n-  and allow a connection to an untrusted peer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29865","reference_id":"","reference_type":"","scores":[{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71352","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71235","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71211","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71252","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71267","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71274","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71259","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71304","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.7131","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71288","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71348","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00667","scoring_system":"epss","scoring_elements":"0.71217","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29865"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29865.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29865.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-fvxf-r9fw-49pc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-fvxf-r9fw-49pc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29865","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29865"},{"reference_url":"https://opcfoundation.org/security","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opcfoundation.org/security"},{"reference_url":"https://opcfoundation.org/security/","reference_id":"","reference_type":"","scores":[],"url":"https://opcfoundation.org/security/"},{"reference_url":"https://github.com/advisories/GHSA-fvxf-r9fw-49pc","reference_id":"GHSA-fvxf-r9fw-49pc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvxf-r9fw-49pc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81565?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58"}],"aliases":["CVE-2022-29865","GHSA-fvxf-r9fw-49pc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfz2-kug9-hkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54228?format=json","vulnerability_id":"VCID-yvwx-dkjv-5uag","summary":"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core\nA vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29866","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74077","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74036","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74069","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73952","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.73986","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74004","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-29866"},{"reference_url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29866.pdf","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29866.pdf"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard"},{"reference_url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-6fp8-cxc9-4fr9","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-6fp8-cxc9-4fr9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29866","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29866"},{"reference_url":"https://github.com/advisories/GHSA-6fp8-cxc9-4fr9","reference_id":"GHSA-6fp8-cxc9-4fr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6fp8-cxc9-4fr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81565?format=json","purl":"pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-53xw-2jd2-pugg"},{"vulnerability":"VCID-pmtm-p8gm-xkcp"},{"vulnerability":"VCID-ue5w-bjqp-9kfc"},{"vulnerability":"VCID-ur54-987z-5ue5"},{"vulnerability":"VCID-wbtc-7rp8-1qbq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.58"}],"aliases":["CVE-2022-29866","GHSA-6fp8-cxc9-4fr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvwx-dkjv-5uag"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/OPCFoundation.NetStandard.Opc.Ua.Core@1.4.368.53"}