Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tand3LTkzNG0taDRqd80XiQ
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.
Permalink: https://github.com/advisories/GHSA-mjww-934m-h4jwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tand3LTkzNG0taDRqd80XiQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 4.4
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-mjww-934m-h4jw, CVE-2020-29457
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-29457
- https://github.com/OPCFoundation/UA-.NETStandard/pull/1229
- https://github.com/OPCFoundation/UA-.NETStandard/pull/1229/commits/d815cfb972bd668c1b6e461f6ff97519d6b26f25
- https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf
- https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/
- https://github.com/advisories/GHSA-mjww-934m-h4jw
Blast Radius: 1.0
Affected Packages
nuget:OPCFoundation.NetStandard.Opc.Ua.Core
Dependent packages: 0Dependent repositories: 0
Downloads: 2,453,265 total
Affected Version Ranges: <= 1.4.365.2
Fixed in: 1.4.365.10
All affected versions: 0.0.3, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 1.4.36-3.104-preview, 1.4.36-3.107, 1.4.36-4.40, 1.4.36-5.2
All unaffected versions: