{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T16:53:59.498","vulnerabilities":[{"cve":{"id":"CVE-2020-8867","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2020-04-22T21:15:14.090","lastModified":"2024-11-21T05:39:36.053","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of sessions. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to create a denial-of-service condition against the application. Was ZDI-CAN-10295."},{"lang":"es","value":"Esta vulnerabilidad permite a atacantes remotos crear una condición de denegación de servicio sobre las instalaciones afectadas de OPC Foundation UA ??.NET Standard versión 1.04.358.30. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico existe dentro del manejo de las sesiones. El problema resulta de la falta de un bloqueo apropiado al realizar operaciones sobre un objeto. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio contra la aplicación. Fue ZDI-CAN-10295."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:*:*:*:*:*:*:*:*","versionEndIncluding":"1.04.358.30","matchCriteriaId":"777516A6-5857-48CF-B36C-EFA0E8935EF5"}]}]}],"references":[{"url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf","source":"zdi-disclosures@trendmicro.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-8867.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-536/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}