CVE-2018-12087

Published: Oct 3, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 4.0

Source: NVD

Description

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.

Affected (2)

Products: Opcfoundation: Ua .net Legacy, Ua .netstandard

Opcfoundation

2 products

Ua .net Legacy

Ua .netstandard

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opcfoundation Ua .net Legacy	From 1.03.342
Opcfoundation Ua .netstandard	From 1.4.353.15

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf

Source: cve@mitre.org

MitigationVendor Advisory

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.