See 4.3.12 for a description of this threat.

OPC UA Client can counter a rogue Discovery Server, by only connecting to Servers that are trusted. This protects the Client against malicious Server. The use of a GDS can also mitigate the effect of a compromised Local Discovery Server.

A GDS, that aggregates information from Local Discovery Servers does not trust the input from the Local Discovery Servers, until it is confirmed. Confirmation can occur by the Server application registration for certificate services or other secure access to the GDS. It can also be confirmed by administrative personnel.