See 4.3.6 for a description of this threat.

OPC UA uses SessionIds, SecureChannelIds, Timestamps, sequence numbers and RequestIds for every request and response Message. Messages are signed and cannot be changed without detection; therefore it would be very hard to replay a Message such that the Message would have a valid Session ID, Secure Channel ID, Timestamp, Sequence Numbers and Request ID (all of which are specified in OPC 10000-4 and OPC 10000-6). The establishment of a secure channel / Session includes the same signature, timestamps and sequence number that are part of all messages and thus cannot be replayed.

OPC UA PubSub uses PublishId, DataSetId, and can use Timestamps, network message numbers and sequence numbers for published messages. Messages can be signed and cannot be changed without detection; therefore it would be very hard to replay a message that has all of the fields enabled. It is worth noting that PubSub does allow the disabling of fields in a message. Disabling the Timestamp, network message number and sequence number would allow replay attacks. If a replay attack is of concern in a CSMS, then these fields should be enabled.
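
The effect of disabling those fields on a subscriber's checks, as an added example that is not part of the OPC UA specification. The message layout, field names (`publisher_id`, `sequence_number`, `timestamp`), JSON encoding, HMAC key and 5-second freshness window are all assumptions made for illustration, not the PubSub wire format.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed; stands in for the group's signing key
MAX_AGE_S = 5.0                # assumed freshness window, in seconds

def _mac(fields: dict) -> str:
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def sign(fields: dict) -> dict:
    """Publisher side: sign whichever fields are enabled."""
    return {"fields": fields, "sig": _mac(fields)}

class Subscriber:
    def __init__(self):
        self.last_seq = {}  # publisher id -> highest sequence number accepted

    def accept(self, msg: dict, now: float) -> str:
        f = msg["fields"]
        if not hmac.compare_digest(_mac(f), msg["sig"]):
            return "reject: bad signature"
        # Replay checks are only possible on fields the publisher enabled.
        if "timestamp" in f and now - f["timestamp"] > MAX_AGE_S:
            return "reject: stale timestamp"
        if "sequence_number" in f:
            pub = f["publisher_id"]
            # Counter wrap-around is out of scope here.
            if f["sequence_number"] <= self.last_seq.get(pub, -1):
                return "reject: sequence number already seen"
            self.last_seq[pub] = f["sequence_number"]
        return "accept"

def demo() -> dict:
    full = sign({"publisher_id": "pub-1", "sequence_number": 1,
                 "timestamp": 100.0, "value": 42})
    bare = sign({"publisher_id": "pub-1", "value": 42})  # replay fields disabled
    tampered = {"fields": dict(full["fields"], value=99), "sig": full["sig"]}
    sub = Subscriber()
    return {
        "full_first": sub.accept(full, now=100.5),
        "full_replayed": sub.accept(full, now=101.0),
        "full_replayed_after_restart": Subscriber().accept(full, now=200.0),
        "tampered": sub.accept(tampered, now=100.5),
        "bare_first": sub.accept(bare, now=100.5),
        "bare_replayed": sub.accept(bare, now=200.0),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The signature alone rejects the tampered message, but only the sequence number and timestamp let the subscriber reject a byte-identical copy; the timestamp also covers the case where the subscriber has lost its sequence state.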