CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12585
https://notcve.org/view.php?id=CVE-2018-12585
14 Sep 2018 — An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Una vulnerabilidad XEE (XML External Entity) en la pila OPC UA Java y .NET Legacy puede permitir que atacantes remotos desencadenen una denegación de servicio (DoS). • http://www.securityfocus.com/bid/105538 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12070
https://notcve.org/view.php?id=CVE-2017-12070
14 Jun 2018 — Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. Las versiones sin firmar de los DLL distribuidos por OPC Foundation podrían reemplazarse por código malicioso. • https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7559
https://notcve.org/view.php?id=CVE-2018-7559
13 Jun 2018 — An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. Se ha descubierto un problema en OPC UA .NET Standard Stack and Sample Code antes del commit de GitHub del 2018-04-12, así como OPC UA .NET Leg... • http://www.securityfocus.com/bid/108688 • CWE-320: Key Management Errors •