GCVE - cpe:2.3:a:opcfoundation:ua-.netstandard:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:opcfoundation:ua-.netstandard:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Opcfoundation (`41e23661-53d2-5c84-825f-c0671d15a20c`)
Product	Ua .Netstandard (`e2581387-7d0f-58c2-a8cf-cfb1c3c84868`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/opcfoundation/ua-.netstandard`	purl2cpe	2026-06-01 10:12:21.063969

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-45526`	vulnerable	2026-06-03 14:56:56.944936	Details available An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually. Published: 2024-10-22T00:00:00.000Z Updated: 2024-10-23T18:32:55.127Z Open on db.gcve.eu Reference links https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-45526.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-33862`	vulnerable	2026-06-03 14:55:53.080629	Details available A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. Published: 2024-07-05T00:00:00.000Z Updated: 2024-08-02T02:42:59.324Z Open on db.gcve.eu Reference links https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-31048`	vulnerable	2026-06-03 14:51:54.477934	Details available The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely. Published: 2023-12-12T00:00:00.000Z Updated: 2024-10-09T13:26:47.799Z Open on db.gcve.eu Reference links https://github.com/OPCFoundation/UA-.NETStandard/releases https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86 https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-27321`	vulnerable	2026-06-03 14:51:00.917013	OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability HIGH (7.5) OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505. Published: 2024-05-07T22:55:01.898Z Updated: 2024-08-02T12:09:43.438Z Open on db.gcve.eu Reference links https://www.zerodayinitiative.com/advisories/ZDI-23-548/ https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-29457`	vulnerable	2026-06-03 14:42:29.457177	Details available A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. Published: 2021-02-16T19:19:19.000Z Updated: 2024-08-04T16:55:09.676Z Open on db.gcve.eu Reference links https://github.com/OPCFoundation/UA-.NETStandard https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/ https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-7559`	vulnerable	2026-06-03 14:39:07.072448	Details available An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. Published: 2018-06-13T18:00:00.000Z Updated: 2024-08-05T06:31:04.545Z Open on db.gcve.eu Reference links https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150 https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45 http://www.securityfocus.com/bid/108688	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12087`	vulnerable	2026-06-03 14:38:02.723716	Details available Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. Published: 2018-10-03T18:00:00.000Z Updated: 2024-08-05T08:24:03.775Z Open on db.gcve.eu Reference links https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.