PT-2018-3556 · Opc Foundation · Opc Ua .Net Legacy Stack+1
Publicado
2018-06-13
·
Atualizado
2019-06-10
·
CVE-2018-7559
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OPC UA .NET Standard Stack and Sample Code versions before GitHub commit 2018-04-12
OPC UA .NET Legacy Stack and Sample Code versions before GitHub commit 2018-03-13
Description:
A vulnerability in OPC UA applications allows a remote attacker to determine a Server's private key by sending carefully constructed bad
UserIdentityTokens as part of an oracle attack. The issue is related to errors in managing cryptographic keys, which can allow an attacker to disclose protected information.Recommendations:
For OPC UA .NET Standard Stack and Sample Code versions before GitHub commit 2018-04-12, update to a version after GitHub commit 2018-04-12 to resolve the issue.
For OPC UA .NET Legacy Stack and Sample Code versions before GitHub commit 2018-03-13, update to a version after GitHub commit 2018-03-13 to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Opc Ua .Net Legacy Stack
Opc Ua .Net Standard Stack