CVE-2024-42513: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack

February 10, 2025

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

References

files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42513.pdf
github.com/OPCFoundation/UA-.NETStandard
github.com/OPCFoundation/UA-.NETStandard/tree/1.5.374.158
github.com/advisories/GHSA-7wwr-h8cm-9jf7
nvd.nist.gov/vuln/detail/CVE-2024-42513

Detect and mitigate CVE-2024-42513 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →