CVE-2019-19135
https://notcve.org/view.php?id=CVE-2019-19135
In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man-in-the-middle attackers to reuse encrypted user credentials sent over the network.
• https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf
• https://opcfoundation.org/security-bulletins
• CWE-330: Use of Insufficiently Random Values
CVE-2018-12087
https://notcve.org/view.php?id=CVE-2018-12087
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
• https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf
• CWE-295: Improper Certificate Validation
CVE-2018-12585
https://notcve.org/view.php?id=CVE-2018-12585
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
• http://www.securityfocus.com/bid/105538
• https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12585.pdf
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-12086
https://notcve.org/view.php?id=CVE-2018-12086
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
• http://www.securityfocus.com/bid/105538
• http://www.securitytracker.com/id/1041909
• https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
• https://www.debian.org/security/2018/dsa-4359
• CWE-787: Out-of-bounds Write
CVE-2017-12070
https://notcve.org/view.php?id=CVE-2017-12070
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
• https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf
• CWE-20: Improper Input Validation