ICSA-21-133-04 · Published 2021-05-13 · View on CISA ICS-CERT ↗

OPC UA Products Built with the .NET Framework 4.5, 4.0, and 3.5

CVSS 7.2 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to read any file on the file system.

CVE-2021-27434

Unified Automation has released software (login required) to address the .NET Framework vulnerabilities. OPC Foundation recommends users deploying OPC UA .NET products built against the .NET 4.5, 4.0, and 3.5 Frameworks should contact the product supplier to determine if an update is needed. Users should also consider upgrading to a version of the product using .NET 4.5.2 Framework or later. It is recommended users avoid using the end-of-life version of the .NET Framework due to the risk of unpatched vulnerabilities.

Unified Automation GmbH

Unified Automation GmbH · Unified Automation .NET based OPC UA Client/Server SDK Bundle <= 3.0.7 (.NET 4.5 4.0 and 3.5 Framework versions only)

Multiple

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.