CVE-2020-8867
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OPC Foundation | UA .NET Standard | 1.04.358.30 | affected |
Weaknesses
- CWE-367: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
ADP Enrichment
CVE Program Container
Additional References
- https://www.zerodayinitiative.com/advisories/ZDI-20-536/
- https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf
References
- https://www.zerodayinitiative.com/advisories/ZDI-20-536/
- https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.