Improper Certificate Validation in opcfoundation.netstandard.opc.ua

Do your applications use this vulnerable package? Test your applications

Overview

OPCFoundation.NetStandard.Opc.Ua is a package that contains the OPC UA reference implementation and is targeting the .NET Standard Library.

Affected versions of this package are vulnerable to Improper Certificate Validation. A privilege escalation vulnerability allows attackers to establish a connection using invalid certificates.

Remediation

There is no fixed version for OPCFoundation.NetStandard.Opc.Ua.

References

OPC Foundation Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

Credit: Unknown
CVE: CVE-2020-29457
CWE: CWE-295
Snyk ID: SNYK-DOTNET-OPCFOUNDATIONNETSTANDARDOPCUA-1075446
Disclosed: 17 Feb, 2021
Published: 17 Feb, 2021

Improper Certificate Validation
Affecting opcfoundation.netstandard.opc.ua package, versions [0,]

Overview

Remediation

References

CVSS Score

Improper Certificate Validation Affecting opcfoundation.netstandard.opc.ua package, versions [0,]

Overview

Remediation

References

Improper Certificate Validation
Affecting opcfoundation.netstandard.opc.ua package, versions [0,]