Lucene search

GitHub Advisory DatabaseGHSA-5Q2V-6J86-5H9V

HistoryJun 17, 2022 - 9:44 p.m.

Security Update for the OPC UA .NET Standard Stack

2022-06-1721:44:01

CWE-835

GitHub Advisory Database

github.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.3%

JSON

A vulnerability was discovered in OPC UA .NET Standard Stack that allows a malicious client or server to cause a peer to hang with a carefully crafted message sent during secure channel creation.

CPENameOperatorVersion
opcfoundation.netstandard.opc.ua.corele1.4.368.53

CPE	Name	Operator	Version
	opcfoundation.netstandard.opc.ua.core	le	1.4.368.53

References

files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2022-29862.pdf

github.com/advisories/GHSA-5q2v-6j86-5h9v

github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-5q2v-6j86-5h9v

nvd.nist.gov/vuln/detail/CVE-2022-29862

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for GHSA-5Q2V-6J86-5H9V