Vulnerabilities > CVE-2018-7559 - Key Management Errors vulnerability in Opcfoundation Ua-.Net-Legacy and Ua-.Netstandard

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

opcfoundation

CWE-320

NVD

Published: 2018-06-13

Updated: 2019-06-10

Summary

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.

Vulnerable Configurations

Part	Description	Count
Application	Opcfoundation Opcfoundation UA .Net Legacy 1.02.336 Opcfoundation UA .Net Legacy 1.03.340 Opcfoundation UA .Net Legacy 1.03.341 Opcfoundation UA .Net Legacy 1.03.342 Opcfoundation UA .Netstandard 1.03.350 Opcfoundation UA .Netstandard 1.03.350.6 Opcfoundation UA .Netstandard 1.03.351.7 Opcfoundation UA .Netstandard 1.03.352.10	8

Common Weakness Enumeration (CWE)

CWE-320 - Key Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References