OPC Foundation NETStandard up to 1.5.374.78 denial of service

Summaryinfo

A vulnerability marked as problematic has been reported in OPC Foundation NETStandard up to 1.5.374.78. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in denial of service. This vulnerability was named CVE-2024-45526. The attack may be initiated remotely. There is no available exploit.

Detailsinfo

A vulnerability, which was classified as problematic, was found in OPC Foundation NETStandard up to 1.5.374.78. This affects an unknown code. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:

An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually.

It is possible to read the advisory at files.opcfoundation.org. This vulnerability is uniquely identified as CVE-2024-45526 since 09/02/2024. The exploitability is told to be easy. It is possible to initiate the attack remotely. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• OPC Foundation

Name

• NETStandard

Version

• 1.5.374.0
• 1.5.374.1
• 1.5.374.2
• 1.5.374.3
• 1.5.374.4
• 1.5.374.5
• 1.5.374.6
• 1.5.374.7
• 1.5.374.8
• 1.5.374.9
• 1.5.374.10
• 1.5.374.11
• 1.5.374.12
• 1.5.374.13
• 1.5.374.14
• 1.5.374.15
• 1.5.374.16
• 1.5.374.17
• 1.5.374.18
• 1.5.374.19
• 1.5.374.20
• 1.5.374.21
• 1.5.374.22
• 1.5.374.23
• 1.5.374.24
• 1.5.374.25
• 1.5.374.26
• 1.5.374.27
• 1.5.374.28
• 1.5.374.29
• 1.5.374.30
• 1.5.374.31
• 1.5.374.32
• 1.5.374.33
• 1.5.374.34
• 1.5.374.35
• 1.5.374.36
• 1.5.374.37
• 1.5.374.38
• 1.5.374.39
• 1.5.374.40
• 1.5.374.41
• 1.5.374.42
• 1.5.374.43
• 1.5.374.44
• 1.5.374.45
• 1.5.374.46
• 1.5.374.47
• 1.5.374.48
• 1.5.374.49
• 1.5.374.50
• 1.5.374.51
• 1.5.374.52
• 1.5.374.53
• 1.5.374.54
• 1.5.374.55
• 1.5.374.56
• 1.5.374.57
• 1.5.374.58
• 1.5.374.59
• 1.5.374.60
• 1.5.374.61
• 1.5.374.62
• 1.5.374.63
• 1.5.374.64
• 1.5.374.65
• 1.5.374.66
• 1.5.374.67
• 1.5.374.68
• 1.5.374.69
• 1.5.374.70
• 1.5.374.71
• 1.5.374.72
• 1.5.374.73
• 1.5.374.74
• 1.5.374.75
• 1.5.374.76
• 1.5.374.77
• 1.5.374.78

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion