CVE-2022-37012

Name of the Vulnerable Software and Affected Versions Unified Automation OPC UA C++ Demo Server version 1.7.6-537

Description This issue allows remote attackers to create a denial-of-service condition on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the OpcUa SecureListener ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count, allowing an attacker to create a denial-of-service condition on the system.

Recommendations For Unified Automation OPC UA C++ Demo Server version 1.7.6-537, as a temporary workaround, consider disabling the OpcUa SecureListener ProcessSessionCallRequest method until a patch is available. Restrict access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.