Opcfoundation Opcfoundation

  1. Vendors
  2. Opcfoundation

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Opcfoundation product.

RSS Feeds for Opcfoundation security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Opcfoundation products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Opcfoundation Sorted by Most Security Vulnerabilities since 2018

Opcfoundation Ua Net Standard Stack7 vulnerabilities

Opcfoundation Ua Netstandard6 vulnerabilities

Opcfoundation Ua Net Legacy4 vulnerabilities

Opcfoundation Ua Java2 vulnerabilities

Opcfoundation Unified Architecture Net Standard2 vulnerabilities

Opcfoundation Local Discover Server1 vulnerability

Opcfoundation Local Discovery Server1 vulnerability

Opcfoundation Netstandard Opc Ua1 vulnerability

Opcfoundation Ua Java Legacy1 vulnerability

Opcfoundation Ua Nodeset1 vulnerability

Opcfoundation Unified Architecture Ansic1 vulnerability

Opcfoundation Unified Architecture Java1 vulnerability

Opcfoundation Unified Architecture Net Legacy1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Opcfoundation. Opcfoundation did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 0.00
2023 2 6.40
2022 9 7.42
2021 3 6.47
2020 2 0.00
2019 0 0.00
2018 4 7.00

It may take a day or so for new Opcfoundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Opcfoundation Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2023-27321 May 07, 2024
OPC Foundation .NET Standard ConditionRefresh Resource Exhaustion DoS OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
Ua Netstandard
CVE-2023-31048 Dec 12, 2023
OPC UA .NET Std Ref Server <1.4.371.86 - Remote Sensitive Data Leak The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely.
Ua Netstandard
CVE-2023-32787 May 15, 2023
DoS via Uncontrolled Resource Consumption in OPC UA Legacy Java Stack v<6f176f2 The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.
Ua Java Legacy
CVE-2022-44725 Nov 17, 2022
OPC LDS < 1.04.403.478 Hardcoded Path Allows Privilege Abuse OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).
Local Discovery Server
CVE-2022-33916 Aug 23, 2022
OPC UA .NET Standard Reference Server 1.04.368 Remote RCE Exposes Sensitive Data OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.
Ua Net Standard Stack
CVE-2022-29863 Jun 16, 2022
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
Ua Net Standard Stack
CVE-2022-29864 Jun 16, 2022
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
Ua Net Standard Stack
CVE-2022-29866 Jun 16, 2022
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
Ua Net Standard Stack
CVE-2022-29862 Jun 16, 2022
An infinite loop in OPC UA .NET Standard Stack 1.04.368 An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
Ua Net Standard Stack
CVE-2022-29865 Jun 16, 2022
OPC UA .NET Standard Stack OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
Ua Net Standard Stack
CVE-2022-30551 May 20, 2022
OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.
Ua Java
CVE-2021-45117 Mar 21, 2022
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
Ua Nodeset
CVE-2021-40142 Aug 27, 2021
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.
Local Discover Server
CVE-2021-27432 May 20, 2021
OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
Ua Net Legacy
Ua Net Standard Stack
CVE-2020-29457 Feb 16, 2021
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
Ua Netstandard
CVE-2020-8867 Apr 22, 2020
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30 This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.
Unified Architecture Net Standard
CVE-2019-19135 Mar 16, 2020
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.
Netstandard Opc Ua
Ua Netstandard
CVE-2018-12087 Oct 03, 2018
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
Ua Net Legacy
Ua Netstandard
CVE-2018-12585 Sep 14, 2018
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
Ua Net Legacy
Ua Java
CVE-2018-12086 Sep 14, 2018
Buffer overflow in OPC UA applications Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
Unified Architecture Net Legacy
Unified Architecture Java
Unified Architecture Net Standard
And others...
CVE-2018-7559 Jun 13, 2018
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12 An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
Ua Net Legacy
Ua Netstandard
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.