PT-2018-3556 · Opc Foundation · Opc Ua .Net Legacy Stack+1
Published
2018-06-13
·
Updated
2019-06-10
·
CVE-2018-7559
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
OPC UA .NET Standard Stack and Sample Code versions before GitHub commit 2018-04-12
OPC UA .NET Legacy Stack and Sample Code versions before GitHub commit 2018-03-13
Description:
A vulnerability in OPC UA applications allows a remote attacker to determine a Server's private key by sending carefully constructed bad
UserIdentityTokens as part of an oracle attack. The issue is related to errors in managing cryptographic keys, which can allow an attacker to disclose protected information.Recommendations:
For OPC UA .NET Standard Stack and Sample Code versions before GitHub commit 2018-04-12, update to a version after GitHub commit 2018-04-12 to resolve the issue.
For OPC UA .NET Legacy Stack and Sample Code versions before GitHub commit 2018-03-13, update to a version after GitHub commit 2018-03-13 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opc Ua .Net Legacy Stack
Opc Ua .Net Standard Stack