PT-2022-7297 · Unknown · Opc Ua .Net Standard Stack

Published

2022-06-16

Updated

2022-06-27

CVE-2022-29862

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions OPC UA .NET Standard Stack version 1.04.368

Description The issue is related to an infinite loop in the OPC UA .NET Standard Stack, which can be triggered by a remote attacker sending a crafted message. This can cause the application to hang, resulting in a denial of service. The vulnerability is associated with the implementation of the data transmission specification in industrial networks.

Recommendations For OPC UA .NET Standard Stack version 1.04.368, consider applying a patch or fix to resolve the infinite loop issue, if available. As a temporary workaround, consider implementing measures to detect and prevent crafted messages from being processed, such as filtering or validating incoming messages to prevent the application from hanging.

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

BDU:2024-02521

CVE-2022-29862

GHSA-5Q2V-6J86-5H9V

Affected Products

Opc Ua .Net Standard Stack

PT-2022-7297 · Unknown · Opc Ua .Net Standard Stack

CVE-2022-29862

Weakness Enumeration

Related Identifiers

Affected Products

References · 9