彙總 opcfoundation 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 記憶體損壞、輸入驗證問題與XXE 相關,可能在 軟體部署與生產負載 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-42513 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints. | [email protected] | 5.3 | 0.51% | 2025-02-10 | 2026-06-17 |
| CVE-2024-42512 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. | [email protected] | 8.6 | 0.55% | 2025-02-10 | 2026-06-17 |
| CVE-2023-27321 | OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An att | [email protected] | 7.5 | 1.05% | 2024-05-07 | 2026-06-17 |
| CVE-2023-31048 | The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. | [email protected] | 5.3 | 0.79% | 2023-12-12 | 2026-06-17 |
| CVE-2023-32787 | The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. | [email protected] | 7.5 | 1.17% | 2023-05-15 | 2026-06-17 |
| CVE-2022-44725 | OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). | [email protected] | 7.8 | 0.17% | 2022-11-17 | 2026-06-17 |
| CVE-2022-33916 | OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | [email protected] | 7.5 | 0.99% | 2022-08-22 | 2026-06-17 |
| CVE-2022-29866 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | [email protected] | 7.5 | 1.56% | 2022-06-16 | 2026-06-17 |
| CVE-2022-29864 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | [email protected] | 7.5 | 1.80% | 2022-06-16 | 2026-06-17 |
| CVE-2022-29863 | OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. | [email protected] | 7.5 | 1.30% | 2022-06-16 | 2026-06-17 |
| CVE-2022-29865 | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | [email protected] | 7.5 | 1.47% | 2022-06-16 | 2026-06-17 |
| CVE-2022-29862 | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message. | [email protected] | 7.5 | 1.43% | 2022-06-16 | 2026-06-17 |
| CVE-2022-30551 | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | [email protected] | 7.5 | 2.16% | 2022-05-20 | 2026-06-17 |
| CVE-2021-45117 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | [email protected] | 6.5 | 1.40% | 2022-03-21 | 2026-06-17 |
| CVE-2021-40142 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. | [email protected] | 7.5 | 2.56% | 2021-08-27 | 2026-06-17 |
| CVE-2021-27432 | OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | [email protected] | 7.5 | 2.19% | 2021-05-20 | 2026-06-16 |
| CVE-2020-29457 | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. | [email protected] | 4.4 | 0.31% | 2021-02-16 | 2026-06-16 |
| CVE-2020-8867 | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295. | [email protected] | 7.5 | 2.58% | 2020-04-22 | 2026-06-16 |
| CVE-2019-19135 | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | [email protected] | 7.4 | 1.04% | 2020-03-16 | 2026-06-16 |
| CVE-2018-12087 | Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | [email protected] | 5.3 | 0.29% | 2018-10-03 | 2026-06-16 |