Description
In the OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not generate sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man-in-the-middle attackers to reuse encrypted user credentials sent over the network.
Remediation
References
https://opcfoundation.org/security-bulletins/
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf