Search for packages
| purl | pkg:nuget/OPCFoundation.NetStandard.Opc.Ua@1.4.359.31 |
| Next non-vulnerable version | 1.5.374.118 |
| Latest non-vulnerable version | 1.5.374.158 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-53xw-2jd2-pugg
Aliases: CVE-2024-45526 GHSA-7vfh-cqpc-4267 |
Security Update for the OPC UA .NET Standard Stack This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to trigger a gradual degradation in performance. |
Affected by 0 other vulnerabilities. |
|
VCID-9sgb-7afy-dbgm
Aliases: CVE-2022-29862 GHSA-5q2v-6j86-5h9v |
Security Update for the OPC UA .NET Standard Stack A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation. |
Affected by 3 other vulnerabilities. |
|
VCID-a85p-s3vr-w3ht
Aliases: CVE-2022-29863 GHSA-r7pq-3x6p-7jcm |
Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception with a carefully crafted message. |
Affected by 3 other vulnerabilities. |
|
VCID-c3w3-gqx4-67cd
Aliases: CVE-2022-29864 GHSA-vhfw-v69p-crcw |
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to cause a server to trigger an out of memory exception by sending a large number of message chunks. |
Affected by 3 other vulnerabilities. |
|
VCID-df2w-9vh6-4feu
Aliases: CVE-2020-29457 GHSA-mjww-934m-h4jw |
Improper Certificate Validation A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-pmtm-p8gm-xkcp
Aliases: GHSA-qm9f-c3v9-wphv |
Security Update for the OPC UA .NET Standard Stack This security update resolves a vulnerability in the OPC UA .NET Standard Stack that enables an unauthorized attacker to trigger a rapid increase in memory consumption. |
Affected by 1 other vulnerability. |
|
VCID-wbtc-7rp8-1qbq
Aliases: CVE-2023-31048 GHSA-4cvp-hr63-822j |
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server This security update resolves a vulnerability in the OPC UA .NET Standard Reference Server that allows remote attackers to send malicious requests that expose sensitive information. https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf |
Affected by 2 other vulnerabilities. |
|
VCID-x8yt-gmev-vqgb
Aliases: CVE-2021-27432 |
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. |
Affected by 8 other vulnerabilities. |
|
VCID-yfz2-kug9-hkcy
Aliases: CVE-2022-29865 GHSA-fvxf-r9fw-49pc |
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that - allows a malicious client or server to bypass the application authentication mechanism - and allow a connection to an untrusted peer. |
Affected by 3 other vulnerabilities. |
|
VCID-yvwx-dkjv-5uag
Aliases: CVE-2022-29866 GHSA-6fp8-cxc9-4fr9 |
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core A vulnerability was discovered in the OPC UA .NET Standard Stack that allows a malicious client to trigger a stack overflow exception in a server that exposes an HTTPS endpoint. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-hx7z-escx-guax | Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295. |
CVE-2020-8867
GHSA-9q94-v7ch-mxqw |
| VCID-u3xw-vnkf-rudu | Insufficient Nonce Validation in Eclipse Milo Client ### Impact Credential replay affecting those connected to a server when *all 3* of the following conditions are met: - `SecurityPolicy` is `None` - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces ### Patches The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`. ### Workarounds Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`. ### References https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf ### For more information If you have any questions or comments about this advisory: * Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues) * Email [the mailing list](mailto:milo-dev@eclipse.org) |
CVE-2019-19135
GHSA-pq4w-qm9g-qx68 |