Denial-of-Service Vulnerability in OPC Foundation UA .NET Standard
CVE-2020-8867

5.3MEDIUM

Key Information:

Vendor

Opc Foundation

Status
Ua .net Standard
Vendor
CVE Published:
22 April 2020

What is CVE-2020-8867?

A vulnerability exists in OPC Foundation UA .NET Standard 1.04.358.30 that allows remote attackers to exploit a flaw in session handling. This issue arises from insufficient locking mechanisms during operations on certain objects. An attacker can leverage this weakness to create a denial-of-service condition, thereby disrupting the availability of the application without the need for authentication.

Affected Version(s)

UA .NET Standard 1.04.358.30

References

https://www.zerodayinitiative.com/advisories/ZDI-20-536/
x_refsource_MISC
https://opcfoundation.org/SecurityBulletins/OPC%20Foundat...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Steven Seeley (mr_me) and Chris Anastasio (muffin)
.