Description
In the OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not generate sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man-in-the-middle attackers to reuse encrypted user credentials sent over the network.
Remediation
References
https://opcfoundation.org/security-bulletins/
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf