Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27432 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua .net Standard Stack | 2021-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | |||||
| CVE-2018-7559 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2019-06-10 | 3.5 LOW | 5.3 MEDIUM |
| An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | |||||
| CVE-2018-12087 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2019-01-14 | 2.1 LOW | 5.3 MEDIUM |
| Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | |||||
| CVE-2018-12585 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-java | 2018-11-27 | 6.4 MEDIUM | 8.2 HIGH |
| An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. | |||||
| CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | |||||