CVE-2019-19135

Published: Mar 16, 2020Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

Affected (2)

Products: Opcfoundation: Netstandard.opc.ua, Ua .netstandard

2 products

Netstandard.opc.ua

Ua .netstandard

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Opcfoundation Netstandard.opc.ua	Before 1.4.359.31
Opcfoundation Ua .netstandard	Version 1.4.357.28

Related CWEs

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (4)

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

Source: cve@mitre.org

PatchVendor Advisory

https://opcfoundation.org/security-bulletins/

Source: cve@mitre.org

Vendor Advisory

https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://opcfoundation.org/security-bulletins/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.