CVE-2018-12086

HIGH

OPC UA .NET Legacy < 1.03.342 - Out-of-bounds Write via Crafted Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12086. PoCs published by kevinherron.

AI-analyzed exploit summary This PoC demonstrates a stack overflow vulnerability in OPC UA stacks by sending a crafted GetEndpointsRequest with an oversized additional header. It targets the OPC UA protocol implementation, specifically exploiting improper handling of large headers during request decoding.

Description

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.

Exploits (1)

nomisec WORKING POC

by kevinherron · poc

https://github.com/kevinherron/stack-overflow-poc

View Code ZIP pw:eip

This PoC demonstrates a stack overflow vulnerability in OPC UA stacks by sending a crafted GetEndpointsRequest with an oversized additional header. It targets the OPC UA protocol implementation, specifically exploiting improper handling of large headers during request decoding.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: OPC UA stacks (e.g., Eclipse Milo, other vulnerable implementations)

No auth needed

Prerequisites: Network access to the OPC UA endpoint · Vulnerable OPC UA stack implementation

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041909

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105538

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4359

Vendor Advisory x_refsource_confirm

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

Scores

CVSS v3 7.5

EPSS 0.2563

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (6)

debian/debian_linux 9.0

nuget/OPCFoundation.NetStandard.Opc.Ua 0 - 1.4.353.15NuGet

opcfoundation/unified_architecture-.net-legacy < 1.03.342

opcfoundation/unified_architecture-java < 1.03.343

opcfoundation/unified_architecture_.net-standard < 1.03.352.12

opcfoundation/unified_architecture_ansic < 1.03.340

Published Sep 14, 2018

Tracked Since Feb 18, 2026