An attacker builds a malicious OPC UA Server or installs an unauthorized instance of a genuine OPC UA Server in a system. The rouge Server may attempt to masquerade as a legitimate UA Server or it may simply appear as a new Server in the system.

The OPC Client may disclose necessary information.

A rogue Server impacts all of the security objectives except Integrity and Non-Repudiation.

See 5.1.10 for the reconciliation of this threat.