An attacker can craft a variety of Messages with invalid Message structure (malformed XML, UA Binary, etc.) or data values, and send them to OPC UA Clients, Servers or Subscribers.

The OPC UA Client, Server or Subscriber may incorrectly handle certain malformed Messages by performing unauthorized operations or processing unnecessary information. This might result in a denial or degradation of service, including termination of the application or, in the case of embedded devices, a complete crash. In a worst-case scenario an attacker could use malformed Messages as a pre-step for a multi-level attack to gain access to the underlying system of an OPC UA Application.

Malformed Messages impact Integrity and Availability.

See 5.1.7 for the reconciliation of this threat.
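
An added example (not part of the original specification text) of the receiving side of this threat: a check that validates a UA Binary frame header before any further processing and discards anything malformed. The 8-byte header layout is assumed from the UA Connection Protocol in OPC UA Part 6; `parse_frame`, `check`, `MAX_MESSAGE_SIZE` and the sample frames are constructed for illustration.

```python
import struct

# Assumed header layout (UA Connection Protocol, OPC UA Part 6; not on this page):
# 3-byte ASCII message type, 1-byte chunk type, UInt32 little-endian total size.
HEADER_LEN = 8
MAX_MESSAGE_SIZE = 65536  # hypothetical local limit for this example
# MSG/OPN/CLO may be chunked (F, C, A); connection-level messages are always F.
ALLOWED_CHUNKS = {t: b"FCA" for t in (b"MSG", b"OPN", b"CLO")}
ALLOWED_CHUNKS.update({t: b"F" for t in (b"HEL", b"ACK", b"ERR", b"RHE")})


class MalformedMessage(ValueError):
    """The frame must be discarded without further processing."""


def parse_frame(frame, max_size=MAX_MESSAGE_SIZE):
    """Validate one received frame; return (type, chunk, body) or raise."""
    if len(frame) < HEADER_LEN:
        raise MalformedMessage("truncated header")
    msg_type, chunk = frame[:3], frame[3:4]
    (size,) = struct.unpack_from("<I", frame, 4)
    allowed = ALLOWED_CHUNKS.get(msg_type)
    if allowed is None:
        raise MalformedMessage("unknown message type")
    if chunk not in allowed:
        raise MalformedMessage("invalid chunk type")
    # Bound the sender-controlled size before trusting it for any buffering.
    if not HEADER_LEN <= size <= max_size:
        raise MalformedMessage("declared size out of range")
    if size != len(frame):
        raise MalformedMessage("declared size does not match frame length")
    return msg_type.decode("ascii"), chunk.decode("ascii"), frame[HEADER_LEN:]


def check(frame):
    """Return 'accept' or 'discard: <reason>' for one frame."""
    try:
        parse_frame(frame)
        return "accept"
    except MalformedMessage as exc:
        return f"discard: {exc}"


# Constructed sample frames (not captured traffic).
SAMPLES = [b"MSGF\x0c\x00\x00\x00\x00\x00\x00\x00", b"MSGF\xff\xff\xff\xff\x00\x00\x00\x00",
           b"HELC\x08\x00\x00\x00", b"XXXF\x08\x00\x00\x00", b"MSG"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check(sample))
```

A stream-based receiver would apply the same size bound as soon as the first 8 bytes arrive, before allocating a buffer for the rest of the Message.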