OPC UA Deep Dive Series (Part 7): Practical Denial of Service Attacks

In Part 7 of Team82's OPC UA Deep Dive Series, the authors detail denial-of-service attack concepts against OPC UA servers — specifically chunk flooding (CVE-2023-32787) and unlimited method-call/resource exhaustion (CVE-2023-27321) — describing how unbounded message chunks and unrestricted ConditionRefresh calls can exhaust memory and crash servers, the operational impacts on industrial environments, and that the findings were responsibly disclosed and patched.