See 4.3.9 for a description of this threat.

OPC UA counters Session hijacking by assigning a security context (i.e. Secure Channel) with each Session as specified in the CreateSession Service in OPC 10000-4. Hijacking a Session would thus first require compromising the security context.