CVE-2018-7559

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.

Se ha descubierto un problema en OPC UA .NET Standard Stack and Sample Code antes del commit de GitHub del 2018-04-12, así como OPC UA .NET Legacy Stack and Sample Code antes del commit de GitHub del 2018-03-13. Una vulnerabilidad en las aplicaciones de OPC UA puede permitir que un atacante remoto determine la clave privada de un servidor mediante el envío de UserIdentityTokens malos cuidadosamente construidos como parte de un ataque de oráculo.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-28 CVE Reserved
2018-06-13 CVE Published
2023-11-04 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-320: Key Management Errors

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/108688	Vdb Entry
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45	2019-06-10
https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150	2019-06-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opcfoundation Search vendor "Opcfoundation"		Ua-.net-legacy Search vendor "Opcfoundation" for product "Ua-.net-legacy"				<= 1.03.342 Search vendor "Opcfoundation" for product "Ua-.net-legacy" and version " <= 1.03.342"		-		Affected
Opcfoundation Search vendor "Opcfoundation"		Ua-.netstandard Search vendor "Opcfoundation" for product "Ua-.netstandard"				<= 1.03.352.10 Search vendor "Opcfoundation" for product "Ua-.netstandard" and version " <= 1.03.352.10"		-		Affected