PT-2020-20338 · Opc Foundation · Opc Foundation Ua .Net Standard

Chris Anastasio

Published

2020-04-16

Updated

2021-08-02

CVE-2020-8867

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions OPC Foundation UA .NET Standard version 1.04.358.30

Description This issue allows remote attackers to create a denial-of-service condition on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of sessions, resulting from the lack of proper locking when performing operations on an object. An attacker can leverage this issue to create a denial-of-service condition against the application.

Recommendations For OPC Foundation UA .NET Standard version 1.04.358.30, consider applying a patch or fix that addresses the lack of proper locking when performing operations on an object, specifically within the handling of sessions, to prevent the creation of a denial-of-service condition. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Time Of Check To Time Of Use

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367CWE-613

Related Identifiers

CVE-2020-8867

GHSA-9Q94-V7CH-MXQW

ZDI-20-536

Affected Products

Opc Foundation Ua .Net Standard

PT-2020-20338 · Opc Foundation · Opc Foundation Ua .Net Standard

CVE-2020-8867

Weakness Enumeration

Related Identifiers

Affected Products

References · 6