CVE-2022-39823 in OPC UA C++ SDK
Summary
by MITRE • 10/21/2022
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error.
Analysis
by VulDB Data Team • 05/09/2025
CVE-2022-39823 affects the Softing OPC UA C++ SDK from version 5.66 through 6.x before 6.10 and is a critical flaw that can be exploited to cause system instability and potentially code execution. It lies in the server-side implementation of the OPC UA protocol, which is widely used in industrial automation and control systems for secure data exchange between devices and applications. The root cause is inadequate handling of continuation points during Browse operations, the mechanism OPC UA uses to page through large results while navigating its hierarchical address space. When a client submits a Browse request that exceeds the server's configured limit on continuation points, the server mismanages the associated memory and a use-after-free condition results.
The defect is classified as CWE-416 (Use After Free) and is a memory-safety bug in the OPC UA server implementation. In normal operation a server keeps a continuation point for each Browse result set that is too large for a single response, so the client can retrieve the remainder in chunks with BrowseNext. When the number of continuation points exceeds the configured threshold, the server's memory-management logic frees resources that are subsequently accessed again. Because the server does not validate or otherwise handle the excess continuation points, freed memory is read and may be overwritten, which opens the door to denial of service or arbitrary code execution.
The impact goes beyond simple instability, especially in industrial control environments where OPC UA servers carry critical infrastructure communication. An attacker could craft Browse requests that deliberately exceed the continuation-point limit, crashing the OPC UA server or making it behave unpredictably. In an industrial setting that can mean operational disruption, data loss, or even safety hazards if the affected systems control critical processes. The concern is heightened because OPC UA is typically deployed where reliability and availability are paramount, and a use-after-free could be leveraged to establish persistent access or escalate privileges within the industrial network. The attack surface is broad: any system built on the affected versions of the Softing OPC UA C++ SDK could be compromised, which makes this a significant risk for manufacturing, energy, and other industrial sectors that depend on OPC UA for their automation infrastructure.
Mitigation should start with patching: upgrade to Softing OPC UA C++ SDK 6.10 or later, where the issue is fixed. Security teams should also apply network segmentation and access controls to keep OPC UA servers off untrusted networks, following ATT&CK technique T1071.004 for application layer protocol usage. Further defensive measures include monitoring for unusual Browse request patterns, rate limiting OPC UA server endpoints, and regularly assessing the security of industrial control systems. Intrusion detection systems tuned to recognise malicious OPC UA traffic can help identify exploitation attempts. The vulnerability underscores the importance of sound memory management in industrial communication protocols and of thorough security testing of critical infrastructure software, particularly components that handle complex data structures and memory operations in real-time industrial environments.
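As an added illustration of the server-side handling the root-cause and mitigation paragraphs call for (constructed for this page, not Softing SDK code): a per-session continuation-point table that refuses Browse requests beyond a configured cap with Bad_NoContinuationPoints instead of recycling live slots, and that invalidates a handle the moment it is released so a BrowseNext on a stale handle is rejected rather than touching freed memory. The cap of 4 and the struct layout are assumptions; the status-code names and values are those defined in OPC UA Part 6.

```c
#include <stdint.h>
#include <stdlib.h>

/* Illustrative per-session continuation-point table, constructed for this page
 * (not Softing SDK code). The cap stands in for the server-configured limit. */
#define MAX_CONTINUATION_POINTS 4
#define OPC_GOOD                          0x00000000u  /* OPC UA Part 6 status codes */
#define OPC_BAD_CONTINUATIONPOINT_INVALID 0x804A0000u
#define OPC_BAD_NOCONTINUATIONPOINTS      0x804B0000u

typedef struct { uint32_t next_index; } ContinuationPoint;  /* where to resume */
typedef struct { ContinuationPoint *cps[MAX_CONTINUATION_POINTS]; } Session;

/* Browse left an unfinished result set: allocate a continuation point. When all
 * slots are taken, refuse with Bad_NoContinuationPoints instead of evicting or
 * recycling a slot the client may still hold a handle to. */
uint32_t browse_alloc_cp(Session *s, uint32_t resume_index, int *handle_out) {
    *handle_out = -1;
    for (int i = 0; i < MAX_CONTINUATION_POINTS; i++) {
        if (s->cps[i] != NULL) continue;
        ContinuationPoint *cp = malloc(sizeof *cp);
        if (cp == NULL) return OPC_BAD_NOCONTINUATIONPOINTS;  /* treat OOM as exhaustion */
        cp->next_index = resume_index;
        s->cps[i] = cp;
        *handle_out = i;
        return OPC_GOOD;
    }
    return OPC_BAD_NOCONTINUATIONPOINTS;
}

/* BrowseNext: validate the handle before dereferencing, and on release free the
 * point exactly once and null the slot so a stale handle is rejected rather
 * than reaching freed memory. */
uint32_t browse_next(Session *s, int handle, int release, uint32_t *resume_out) {
    if (handle < 0 || handle >= MAX_CONTINUATION_POINTS || s->cps[handle] == NULL)
        return OPC_BAD_CONTINUATIONPOINT_INVALID;
    *resume_out = s->cps[handle]->next_index;
    if (release) { free(s->cps[handle]); s->cps[handle] = NULL; }
    return OPC_GOOD;
}

/* Session teardown releases every point so none outlives the session. */
void session_close(Session *s) {
    for (int i = 0; i < MAX_CONTINUATION_POINTS; i++) { free(s->cps[i]); s->cps[i] = NULL; }
}
```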