CVE-2020-29457

Name of the Vulnerable Software and Affected Versions: OPC UA .NET Standard Stack version 1.4.363.107

Description: A Privilege Elevation issue in the OPC UA .NET Standard Stack could allow a rogue application to establish a secure connection. This is achieved by allowing attackers to establish a connection using invalid certificates.

Recommendations: For OPC UA .NET Standard Stack version 1.4.363.107, consider disabling the establishment of secure connections using invalid certificates until a patch is available. Restrict access to the connection establishment module to minimize the risk of exploitation. Avoid using invalid certificates in the affected connection establishment process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.