Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27432 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua .net Standard Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
CVE-2018-7559 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | |||||
CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
CVE-2018-12087 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | |||||
CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. |