OPC Foundation UA Products Built with .NET Framework
Plan Patch7.5ICS-CERT ICSA-21-133-03May 13, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Successful exploitation of a stack overflow vulnerability in OPC UA .NET Standard (versions below 1.4.365.48) could cause application crashes or hangs in systems that use this stack for communication. The vulnerability is remotely exploitable via specially crafted network messages sent to the OPC UA listening port and requires no authentication.
What this means
What could happen
A stack overflow in OPC UA .NET Standard could cause the application to crash or hang, disrupting communication between your engineering workstations and industrial controllers, potentially stopping or freezing process monitoring and control.
Who's at risk
Organizations operating OPC UA-based systems for data collection and control, including water utilities, power plants, manufacturing facilities, and any site using SCADA or HMI systems that rely on OPC UA .NET Standard for communication between engineering workstations and PLCs or RTUs.
How it could be exploited
An attacker on the same network as your OPC UA server could send specially crafted messages to trigger the stack overflow condition. The attacker needs network reachability to the port where OPC UA is listening (typically 4840 for unsecured connections or 4843 for secured TLS connections).
Prerequisites
- Network access to the OPC UA listening port (typically TCP 4840 or 4843)
- No authentication required
- OPC UA .NET Standard version below 1.4.365.48 must be in use
remotely exploitableno authentication requiredlow complexityaffects OT communicationno patch available
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
OPC UA .NET Standard:< 1.4.365.481.4.365.48 or later
Remediation & Mitigation
0/4
Do now
0/1HARDENINGMinimize direct Internet exposure of OPC UA devices and servers
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HOTFIXUpdate OPC UA .NET Standard stack to version 1.4.365.48 or later
WORKAROUNDIf remote access to OPC UA is required, use a VPN with current security patches rather than exposing the service directly to the network
Long-term hardening
0/1HARDENINGIsolate OPC UA servers from the business network; place them behind firewalls and restrict network access to only authorized engineering workstations
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ca2aaad1-8a6e-40da-b05b-1610669b3e81