OPC Foundation .NET Standard Stack Authentication Bypass Vulnerability via HTTPS Endpoints

Vulnerability

An authentication bypass vulnerability has been identified in the OPC UA .NET Standard Stack, affecting versions prior to 1.5.374.158. This vulnerability allows unauthorized attackers to bypass application authentication when HTTPS endpoints are enabled and use a security policy other than None.

Impact

Exploitation of this vulnerability allows for authentication bypass, potentially leading to unauthorized access or actions within the application.

Remediation

Users can update to version 1.5.374.158 or later to address this vulnerability. If application authentication is required, it must be done with HTTPS certificates. For installations without HTTPS client certificates, user authentication should be relied upon for access control.
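To support the remediation above, the following added example (not code from the advisory or from the OPC Foundation) audits a project file for stack packages older than 1.5.374.158 and lists HTTPS base addresses in an application configuration. The NuGet package id prefix, the configuration layout and the sample inputs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 5, 374, 158)  # first fixed version, per the advisory
PKG_PREFIX = "opcfoundation.netstandard.opc.ua"  # assumed NuGet package id prefix

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip XML namespace: '{ns}Name' -> 'Name'

def parse_version(text):
    """'1.5.374.70' -> (1, 5, 374, 70), zero-padded; None if no digits (e.g. '$(Prop)')."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if m is None:
        return None
    parts = [int(p) for p in m.group().split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def vulnerable_packages(csproj_xml):
    """Return (package id, version) pairs older than FIXED; Version may be attribute or child."""
    hits = []
    refs = [e for e in ET.fromstring(csproj_xml).iter() if local(e.tag) == "PackageReference"]
    for el in refs:
        name = el.get("Include", "")
        version = el.get("Version") or next(
            (c.text for c in el if local(c.tag) == "Version"), None)
        found = parse_version(version or "")
        if name.lower().startswith(PKG_PREFIX) and found and found < FIXED:
            hits.append((name, version))
    return hits

def https_base_addresses(config_xml):
    """Return HTTPS URLs listed under any <BaseAddresses> element."""
    urls = []
    for el in ET.fromstring(config_xml).iter():
        if local(el.tag) == "BaseAddresses":
            urls += [c.text.strip() for c in el if c.text
                     and c.text.strip().lower().startswith(("https://", "opc.https://"))]
    return urls

# Constructed sample inputs
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua" Version="1.5.374.70" />
  <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua.Client"><Version>1.5.374.158</Version></PackageReference>
</ItemGroup></Project>"""
CONFIG = """<ApplicationConfiguration xmlns="http://opcfoundation.org/UA/SDK/Configuration.xsd"
    xmlns:ua="http://opcfoundation.org/UA/2008/02/Types.xsd"><ServerConfiguration><BaseAddresses>
  <ua:String>opc.tcp://localhost:62541/Sample</ua:String>
  <ua:String>https://localhost:62540/Sample</ua:String>
</BaseAddresses></ServerConfiguration></ApplicationConfiguration>"""
```

Versions are compared numerically per component, so 1.5.374.70 is correctly treated as older than 1.5.374.158. A project that reports both an outdated package and an HTTPS base address is the combination the advisory describes.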

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 5.9
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.