ICS OPC UA Unlimited Persistent Subscriptions Denial of Service (CVE-2022-24375) state 1-F/Flow

Rule ID

1238334

Severity

High

Description

The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

Impact

Denial of service

Recommendation

Update vendor's patch.

IPS Category

ICS threats

IPS Anomaly Group

N/A

IPS Rule Default Action

Deny

References

CVE-2022-24375

CVE-2022-25897

CVE-2022-24298

T0814

T0866

Keywords

N/A

Date Created

2026/05/04

Last Updated

2026/06/15