OTPulse
FeedAboutContact

o6 Automation GmbH Open62541

Monitor5.7ICS-CERT ICSA-26-036-03Feb 5, 2026
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

A buffer overflow vulnerability in Open62541 versions >=1.5-rc1 and <1.5-rc2 can cause denial-of-service and memory corruption. The vulnerability exists in message validation logic and can be triggered by an authenticated user sending a specially crafted OPC UA message. Successful exploitation results in service crash and potential data corruption, requiring manual server restart to restore communications with connected industrial systems.

What this means
What could happen
An attacker with valid credentials could crash the Open62541 server or corrupt its memory, causing the OPC UA service to become unavailable and potentially requiring manual server restart to restore communications with industrial equipment.
Who's at risk
Manufacturers and operators of OPC UA-based systems using Open62541 library, including industrial automation platforms, SCADA systems, and device gateways that rely on Open62541 for connectivity. This affects any facility where Open62541 provides the bridge between legacy industrial equipment and supervisory systems.
How it could be exploited
An attacker with valid login credentials sends a specially crafted message to the Open62541 server over the network. The server fails to properly validate the message boundaries, causing a buffer overflow that corrupts memory and triggers a denial-of-service condition that stops the service.
Prerequisites
  • Network access to the Open62541 server (typically port 4840 for OPC UA)
  • Valid user credentials to authenticate to the Open62541 server
  • User interaction required: an authenticated user must trigger the vulnerability by sending the malformed message or the server must process it automatically during normal operation
Remotely exploitableRequires valid authentication credentialsLow attack complexityNo vendor patch available for affected versionsAffects availability and integrity of industrial communications
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
Open62541: >=1.5-rc1|<1.5-rc2≥ 1.5-rc1|<1.5-rc2No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to the Open62541 server to only authorized engineering workstations and approved client applications using firewall rules
HARDENINGDisable public access to the OPC UA port (4840) from outside the industrial network
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGImplement authentication controls and monitor for failed login attempts to the Open62541 server
HARDENINGMonitor Open62541 server logs for crashes or restarts that may indicate exploitation attempts
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/cefe8d66-758f-4d82-9667-848643a75adb
o6 Automation GmbH Open62541 | CVSS 5.7 - OTPulse