Description

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

Remediation

References

https://opcfoundation.org/security-bulletins/

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

Related Vulnerabilities

CVE-2012-2379 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework

CVE-2018-11537 Vulnerability in maven package org.webjars.npm:angular-jwt

CVE-2019-16546 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-common

Severity

High

Classification

CWE-330 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory Patch