CVE-2024-33862
📋 TL;DR
A memory exhaustion vulnerability in OPC Foundation's OPC UA .NET Standard library allows remote attackers to cause denial of service by sending excessive messages. This affects systems using vulnerable versions of OPCFoundation.NetStandard.Opc.Ua.Core for industrial communication. The vulnerability could disrupt OPC UA server operations in industrial control systems.
💻 Affected Systems
- OPCFoundation.NetStandard.Opc.Ua.Core
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service causing OPC UA server unavailability, potentially disrupting industrial processes and operations.
Likely Case
Service degradation or temporary unavailability of OPC UA communication channels, affecting data collection and control functions.
If Mitigated
Minimal impact with proper network segmentation and rate limiting in place.
🎯 Exploit Status
Exploitation requires sending excessive messages to trigger memory exhaustion, which is relatively simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.05.374.54 and later
Vendor Advisory: https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf
Restart Required: Yes
Instructions:
1. Update NuGet package to version 1.05.374.54 or later.
2. Rebuild and redeploy affected applications.
3. Restart OPC UA services.
🔧 Temporary Workarounds
Network Rate Limiting
Implement network-level rate limiting on OPC UA endpoints to prevent excessive message flooding.
Network Segmentation
Isolate OPC UA systems from untrusted networks using firewalls and network segmentation.
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with OPC UA endpoints.
- Deploy intrusion detection/prevention systems to monitor for excessive message patterns.
🔍 How to Verify
Check if Vulnerable:
Check the version of OPCFoundation.NetStandard.Opc.Ua.Core NuGet package in your project. Versions below 1.05.374.54 are vulnerable.
Check Version:
Check the project's packages.config or .csproj file for a PackageReference to OPCFoundation.NetStandard.Opc.Ua.Core.
Verify Fix Applied:
Verify the package version is 1.05.374.54 or higher and test OPC UA functionality.
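One way to script the version check described above. This is an added example, not code from this page or from the OPC Foundation. It compares version fields numerically, so the 1.05.374.54 written here and the normalized 1.5.374.54 form are treated as equal. The sample project file and the helper names `local`, `parse_version`, `find_versions` and `assess` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "OPCFoundation.NetStandard.Opc.Ua.Core"
FIXED = (1, 5, 374, 54)  # 1.05.374.54 from this page; compared numerically, so "05" == 5

# Constructed sample project file (not from a real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua.Core" Version="1.05.373.4" />
    <PackageReference Include="Example.Other.Package" Version="3.1.1" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Strip the legacy MSBuild XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def parse_version(text):
    """Return a 4-int tuple; None for floating or range versions such as 1.5.* or [1.4,2.0)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(?:[-+].*)?", (text or "").strip())
    if not m:
        return None  # missing, floating or range version: needs a manual look
    parts = [int(p) for p in m.group(1).split(".")]  # prerelease/build label is ignored
    return tuple(parts + [0] * (4 - len(parts)))

def find_versions(xml_text):
    """Yield declared versions of PACKAGE from .csproj or packages.config XML."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "PackageReference":
            name = el.get("Include") or el.get("Update") or ""
            child = next((c.text for c in el if local(c.tag) == "Version"), None)
            version = el.get("Version") or child
        elif local(el.tag) == "package":  # packages.config entry
            name, version = el.get("id") or "", el.get("version")
        else:
            continue
        if name.lower() == PACKAGE.lower():
            yield version

def assess(xml_text):
    """Return [(declared_version, verdict)] with verdict vulnerable, fixed or unresolved."""
    out = []
    for declared in find_versions(xml_text):
        parsed = parse_version(declared)
        verdict = "unresolved" if parsed is None else ("vulnerable" if parsed < FIXED else "fixed")
        out.append((declared, verdict))
    return out

if __name__ == "__main__":
    print(assess(SAMPLE_CSPROJ))
```

An `unresolved` verdict means the file declares a floating or range version, or no version at all, so the resolved version has to be read from the restore output instead.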
📡 Detection & Monitoring
Log Indicators:
- Unusually high message rates
- Memory exhaustion warnings
- OPC UA service restarts
Network Indicators:
- High volume of OPC UA messages from single source
- Abnormal message patterns
SIEM Query:
source="opc-ua" AND (message_count > threshold OR memory_usage > threshold)