Search for packages
| purl | pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.353.15 |
| Next non-vulnerable version | 1.5.374.118 |
| Latest non-vulnerable version | 1.5.374.158 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-53xw-2jd2-pugg
Aliases: CVE-2024-45526 GHSA-7vfh-cqpc-4267 |
Security Update for the OPC UA .NET Standard Stack This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to trigger a gradual degradation in performance. |
Affected by 0 other vulnerabilities. |
|
VCID-9sgb-7afy-dbgm
Aliases: CVE-2022-29862 GHSA-5q2v-6j86-5h9v |
Security Update for the OPC UA .NET Standard Stack A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation. |
Affected by 3 other vulnerabilities. |
|
VCID-a85p-s3vr-w3ht
Aliases: CVE-2022-29863 GHSA-r7pq-3x6p-7jcm |
Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message. |
Affected by 3 other vulnerabilities. |
|
VCID-c3w3-gqx4-67cd
Aliases: CVE-2022-29864 GHSA-vhfw-v69p-crcw |
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks. |
Affected by 3 other vulnerabilities. |
|
VCID-df2w-9vh6-4feu
Aliases: CVE-2020-29457 GHSA-mjww-934m-h4jw |
Improper Certificate Validation A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-hx7z-escx-guax
Aliases: CVE-2020-8867 GHSA-9q94-v7ch-mxqw |
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295. |
Affected by 0 other vulnerabilities. Affected by 10 other vulnerabilities. |
|
VCID-pmtm-p8gm-xkcp
Aliases: GHSA-qm9f-c3v9-wphv |
Security Update for the OPC UA .NET Standard Stack This security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase in memory consumption. |
Affected by 1 other vulnerability. |
|
VCID-wbtc-7rp8-1qbq
Aliases: CVE-2023-31048 GHSA-4cvp-hr63-822j |
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests that expose sensitive information. https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf |
Affected by 2 other vulnerabilities. |
|
VCID-x8yt-gmev-vqgb
Aliases: CVE-2021-27432 |
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. |
Affected by 8 other vulnerabilities. |
|
VCID-yfz2-kug9-hkcy
Aliases: CVE-2022-29865 GHSA-fvxf-r9fw-49pc |
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that - allows a malicious client or server to bypass the application authentication mechanism - and allow a connection to an untrusted peer. |
Affected by 3 other vulnerabilities. |
|
VCID-yvwx-dkjv-5uag
Aliases: CVE-2022-29866 GHSA-6fp8-cxc9-4fr9 |
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2bp3-w8u8-7fe4 | Improper Certificate Validation Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. |
CVE-2018-12087
GHSA-8336-mxp6-v5h9 |
| VCID-e415-z3cf-ekfm | Out-of-bounds Write Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. |
CVE-2018-12086
GHSA-782p-53wq-cxmj |