Systerel

**Name of the Vulnerable Software and Affected Versions** S2OPC (affected versions not specified) **Description** Improper comparison with the certificates trusted list allows an attacker to provide a well-formed untrusted certificate that is incorrectly considered trusted. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** S2OPC library (affected versions not specified) **Description** The CycloneCrypto cryptographic wrapper within the S2OPC library contains a flaw where certificate revocation checks only consider the first matching Certificate Revocation List (CRL) and ignore other valid CRLs from the same Certificate Authority (CA). This behavior could allow an OPC UA client and server to establish a connection using a revoked certificate. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.