OTPulse

o6 Automation GmbH Open62541

MonitorCVSS 5.7ICS-CERT ICSA-26-036-03Feb 5, 2026
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary

A buffer overflow vulnerability (CWE-787) in Open62541 version 1.5-rc1 allows an authenticated attacker with engineering credentials to crash the OPC UA server process through a specially crafted request. Successful exploitation causes denial-of-service and potential memory corruption, disrupting industrial process communications and visibility. The vendor has not planned a fix for this version.

What this means
What could happen
An attacker with valid engineering credentials could crash the Open62541 OPC UA server, disrupting communication with industrial devices and causing temporary loss of remote visibility and control over field equipment.
Who's at risk
This vulnerability affects any water authority, electric utility, or manufacturing facility using the Open62541 OPC UA server library to enable data exchange between SCADA systems, PLCs, RTUs, and engineering workstations. Organizations running open-source or embedded OPC UA implementations based on Open62541 should assess exposure immediately.
How it could be exploited
An attacker with valid engineering workstation credentials connects to the Open62541 OPC UA server over the network, sends a specially crafted request that triggers a buffer overflow, and causes the server process to crash. This interrupts OPC UA communications with PLCs, RTUs, and SCADA systems that depend on the server for data exchange.
Prerequisites
  • Network access to the OPC UA server port (typically 4840)
  • Valid engineering workstation or operator account credentials
  • User interaction required (attacker must craft and send a malformed request through the OPC UA protocol)
  • Vulnerable Open62541 version 1.5-rc1
remotely exploitablelow complexity exploitationmemory corruption riskdenial of service capabilityno patch available
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
ProductAffected VersionsFix Status
Open62541: >=1.5-rc1|<1.5-rc2≥ 1.5-rc1|<1.5-rc2No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGIsolate the Open62541 OPC UA server to a restricted network segment accessible only to authorized engineering workstations and industrial devices that require it
WORKAROUNDImplement firewall rules to restrict access to the OPC UA server port (4840) to only known, trusted IP addresses of PLCs, RTUs, HMIs, and engineering stations
HARDENINGEnforce strong credential policies for engineering workstation accounts that can access the OPC UA server; audit and disable unused service accounts
Long-term hardening
0/1
HOTFIXEvaluate alternative OPC UA implementations or request a fixed version from the vendor; if no fixed version is available, plan migration to a supported solution
View full CISA ICS-CERT advisory
API: /api/v1/advisories/cefe8d66-758f-4d82-9667-848643a75adb

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

o6 Automation GmbH Open62541 | CVSS 5.7 - OTPulse