See 4.3.4for a description of this threat.

As specified in OPC 10000-4and OPC 10000-6, OPC UA counters Messagespoofing threats by providing the ability to sign Messages. Additionally, Messages will always contain a valid SessionId, SecureChannelId, RequestIdand Timestampas well as the correct sequence number. OPC UA when operating as part of a Session, restricts user spoofing in the same manner since the user information is provided as part of the Sessionestablishment. It is important that when a device starts up that the SessionIdthat is initially assigned to the first Sessionis a random number or a continuation of the last Sessionnumber used and is not always reset to 0 or a predictable number.

As specified in OPC 10000-14, OPC UA PubSubcounters Messagespoofing threats by providing the ability to sign messages. Messagescan also contain a valid PublisherId, DataSetClassId, timestamp information, network message number and sequence number, which further restricts Messagespoofing.