PT-2024-31681 · Opc Foundation · Opc Foundation Ua .Net Standard

Published

2024-10-18

Updated

2024-10-23

CVE-2024-45526

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: OPC Foundation OPCFoundation/UA-.NETStandard versions 1.5.374.78 and earlier

Description: A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually. This issue allows an unauthorized attacker to trigger a gradual degradation in performance.

Recommendations: For versions 1.5.374.78 and earlier, update to a version that includes the security update for the OPC UA .NET Standard Stack to resolve the vulnerability. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation. Avoid using invalid credentials in requests to the affected server until the issue is resolved.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2024-45526

GHSA-7VFH-CQPC-4267

Affected Products

Opc Foundation Ua .Net Standard

PT-2024-31681 · Opc Foundation · Opc Foundation Ua .Net Standard

CVE-2024-45526

Weakness Enumeration

Related Identifiers

Affected Products

References · 8