PT-2025-6085 · Unknown · Opc Ua .Net Standard Stack

Published

2025-02-09

Updated

2025-03-03

CVE-2024-42512

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions OPC UA .NET Standard Stack versions prior to 1.5.374.158

Description The issue allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

Recommendations For versions prior to 1.5.374.158, update to version 1.5.374.158 or later to resolve the issue. As a temporary workaround, consider disabling the deprecated Basic128Rsa15 security policy until a patch is available. Restrict access to the application when the Basic128Rsa15 security policy is enabled to minimize the risk of exploitation.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639CWE-208

Related Identifiers

BDU:2025-14725

CVE-2024-42512

GHSA-H958-FXGG-G7W3

GHSA-QV5F-57GW-VX3H

Affected Products

Opc Ua .Net Standard Stack

PT-2025-6085 · Unknown · Opc Ua .Net Standard Stack

CVE-2024-42512

Weakness Enumeration

Related Identifiers

Affected Products

References · 13