Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core

2022-06-1721:44:39

Google

osv.dev

0.004 Low

EPSS

Percentile

73.8%

JSON

A vulnerability was discovered in the OPC UA .NET Standard Stack that

allows a malicious client or server to bypass the application authentication mechanism
and allow a connection to an untrusted peer.

CPENameOperatorVersion
opcfoundation.netstandard.opc.ua.coreeq0.1.2
opcfoundation.netstandard.opc.ua.coreeq0.0.9
opcfoundation.netstandard.opc.ua.coreeq0.2.4
opcfoundation.netstandard.opc.ua.coreeq0.1.7
opcfoundation.netstandard.opc.ua.coreeq0.1.1
opcfoundation.netstandard.opc.ua.coreeq1.4.363.107
opcfoundation.netstandard.opc.ua.coreeq0.2.2
opcfoundation.netstandard.opc.ua.coreeq0.0.8
opcfoundation.netstandard.opc.ua.coreeq1.4.367.41
opcfoundation.netstandard.opc.ua.coreeq1.4.365.10

Name	Operator	Version
opcfoundation.netstandard.opc.ua.core	eq	0.1.2
opcfoundation.netstandard.opc.ua.core	eq	0.0.9
opcfoundation.netstandard.opc.ua.core	eq	0.2.4
opcfoundation.netstandard.opc.ua.core	eq	0.1.7
opcfoundation.netstandard.opc.ua.core	eq	0.1.1
opcfoundation.netstandard.opc.ua.core	eq	1.4.363.107
opcfoundation.netstandard.opc.ua.core	eq	0.2.2
opcfoundation.netstandard.opc.ua.core	eq	0.0.8
opcfoundation.netstandard.opc.ua.core	eq	1.4.367.41
opcfoundation.netstandard.opc.ua.core	eq	1.4.365.10