Description
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.
Remediation
References
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf
https://opcfoundation.org/security-bulletins/
Related Vulnerabilities
CVE-2018-1000067 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-46658 Vulnerability in maven package io.jenkins.plugins:teams-webhook-trigger
CVE-2021-26539 Vulnerability in npm package sanitize-html
CVE-2022-0868 Vulnerability in npm package urijs
CVE-2021-23337 Vulnerability in maven package org.webjars:lodash