Advisories for Nuget/OPCFoundation.NetStandard.Opc.Ua package

2023
2022
2021
2020

Insufficient Session Expiration

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application.

2018

Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit . A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.