Description

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

Remediation

References

https://opcfoundation.org/security-bulletins/

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

Related Vulnerabilities

CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai

CVE-2017-2650 Vulnerability in maven package cprice404:pipeline-classpath

CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2010-3863 Vulnerability in maven package org.apache.shiro:shiro-web

CVE-2016-3093 Vulnerability in maven package com.opensymphony:xwork-core

Severity

High

Classification

CWE-330 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory Patch