CVE-2018-7559
First published: Wed Jun 13 2018(Updated: )
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opcfoundation Ua-.net-legacy | <=1.03.342 | |
| Opcfoundation Ua-.netstandard | <=1.03.352.10 |
Remedy
https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45
Remedy
https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/108688
- https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45
- https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150
- https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-7559.
What is the severity level of CVE-2018-7559?
The severity level of CVE-2018-7559 is medium (5.3).
What software is affected by CVE-2018-7559?
The OPC UA .NET Legacy Stack and Sample Code (up to version 1.03.342) and the OPC UA .NET Standard Stack and Sample Code (up to version 1.03.352.10) are affected by CVE-2018-7559.
How can an attacker exploit CVE-2018-7559?
An attacker can exploit CVE-2018-7559 by sending crafted messages to an OPC UA Server, allowing them to determine the Server's private key.
Are there any references for more information on CVE-2018-7559?
Yes, you can find more information on CVE-2018-7559 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/108688), [GitHub commit for OPC UA .NET Legacy Stack and Sample Code](https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45), [GitHub commit for OPC UA .NET Standard Stack and Sample Code](https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150).
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/opcfoundation
- canonical/opcfoundation ua-.net-legacy
- version/opcfoundation ua-.net-legacy/1.03.342
- canonical/opcfoundation ua-.netstandard
- version/opcfoundation ua-.netstandard/1.03.352.10