CVE-2022-29864

7.5 HIGH

📋 TL;DR

CVE-2022-29864 is a denial-of-service vulnerability in the OPC UA .NET Standard Stack where an attacker can crash servers by sending a large volume of messages, causing uncontrolled resource consumption. This affects systems using OPC UA for industrial communication and automation. Organizations with OPC UA servers exposed to untrusted networks are particularly vulnerable.

💻 Affected Systems

Products:
  • OPC UA .NET Standard Stack
Versions: Version 1.04.368
Operating Systems: Windows, Linux, Any OS running .NET
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using the vulnerable OPC UA .NET Standard Stack version is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server crash leading to disruption of industrial processes, production downtime, and potential safety implications in critical infrastructure.

🟠 Likely Case

Temporary service disruption requiring server restart, causing operational delays and minor production impacts.

🟢 If Mitigated

Minimal impact with proper network segmentation and rate limiting in place.

🌐 Internet-Facing: HIGH - Internet-exposed OPC UA servers can be easily targeted by remote attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to the OPC UA endpoint and ability to send crafted messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.04.369 or later

Vendor Advisory: https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29864.pdf

Restart Required: Yes

Instructions:

1. Download the latest OPC UA .NET Standard Stack from official sources.
2. Update all affected applications.
3. Restart OPC UA servers and services.
4. Verify functionality after the update.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate OPC UA servers from untrusted networks using firewalls and VLANs.

Rate Limiting

all

Implement network-level rate limiting on OPC UA traffic to prevent message flooding.

🧯 If You Can't Patch

  • Implement strict network access controls to limit OPC UA traffic to trusted sources only.
  • Deploy intrusion prevention systems (IPS) with DoS protection capabilities to monitor and block attack traffic.

🔍 How to Verify

Check if Vulnerable:

Check if OPC UA .NET Standard Stack version 1.04.368 is installed in your applications.

Check Version:

Check the application's dependencies or the assembly version of Opc.Ua.Core.dll.

Verify Fix Applied:

Verify OPC UA .NET Standard Stack version is 1.04.369 or later and test server stability under normal load.

📡 Detection & Monitoring

Log Indicators:

  • Unusually high message rates
  • Server crash/restart events
  • Memory exhaustion warnings

Network Indicators:

  • High volume of OPC UA messages from single source
  • Abnormal traffic patterns to OPC UA ports (typically 4840)

SIEM Query:

source="OPC_UA_Server" AND (event_type="crash" OR memory_usage>90%)
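
The network indicator above (a high volume of OPC UA messages from a single source on port 4840) can be checked offline against reassembled traffic records. The following is an added example, not code from the vendor or from this page: it counts OPC UA TCP message headers per source in a sliding window. The record layout, the 10-second window, the 500-message threshold and the sample addresses are assumptions to tune for your environment.

```python
import struct
from collections import defaultdict, deque

OPCUA_PORT = 4840  # default OPC UA port named on this page
# Message types from the OPC UA TCP header (3 ASCII bytes, chunk byte, uint32 LE size)
MSG_TYPES = {b"HEL", b"ACK", b"ERR", b"OPN", b"CLO", b"MSG"}

def count_messages(payload: bytes) -> int:
    """Count OPC UA TCP message headers in one reassembled payload."""
    count, off = 0, 0
    while off + 8 <= len(payload):
        mtype = payload[off:off + 3]
        size = struct.unpack_from("<I", payload, off + 4)[0]
        if mtype not in MSG_TYPES or size < 8:
            break  # not OPC UA framing, or stream desynchronised
        count += 1
        off += size  # size includes the 8-byte header
    return count

def flag_flooders(records, window=10.0, threshold=500):
    """records: time-ordered (ts, src_ip, dst_port, payload) tuples (assumed layout).
    Returns {src_ip: peak message count in any window} for sources over threshold."""
    recent = defaultdict(deque)  # src -> (ts, n_msgs) entries inside the window
    totals = defaultdict(int)
    peaks = {}
    for ts, src, dport, payload in records:
        if dport != OPCUA_PORT:
            continue
        n = count_messages(payload)
        recent[src].append((ts, n))
        totals[src] += n
        while recent[src] and recent[src][0][0] <= ts - window:  # expire old entries
            totals[src] -= recent[src].popleft()[1]
        if totals[src] > threshold:
            peaks[src] = max(peaks.get(src, 0), totals[src])
    return peaks

def _msg(body=b"\x00" * 16):
    """Constructed, correctly framed MSG chunk with a dummy body."""
    return b"MSG" + b"F" + struct.pack("<I", 8 + len(body)) + body

# Constructed sample: one client at 1 msg/s, one source sending 1200 msgs in 4 s
SAMPLE = sorted(
    [(float(t), "192.0.2.10", 4840, _msg()) for t in range(30)]
    + [(12.0 + i * 0.01, "198.51.100.7", 4840, _msg() * 3) for i in range(400)],
    key=lambda r: r[0],
)

if __name__ == "__main__":
    print(flag_flooders(SAMPLE))
```

Counting message headers rather than packets keeps the rate meaningful when many small messages are coalesced into one TCP segment.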
