Vulnerabilities > CVE-2018-7559 - Key Management Errors vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-.Netstandard

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

opcfoundation

CWE-320

NVD

Published: 2018-06-13

Updated: 2019-06-10

Summary

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.

Vulnerable Configurations

Part	Description	Count
Application	Opcfoundation Opcfoundation UA .Netstandard 1.03.350 Opcfoundation UA .Netstandard 1.03.350.6 Opcfoundation UA .Netstandard 1.03.351.7 Opcfoundation UA .Netstandard 1.03.352.10 Opcfoundation UA .Net Legacy 1.03.342	5

Common Weakness Enumeration (CWE)

CWE-320 - Key Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References