Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core · CVE-2020-29457 · GitHub Advisory Database · GitHub

Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core

Moderate severity GitHub Reviewed Published Nov 19, 2021 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

OPCFoundation.NetStandard.Opc.Ua.Core (NuGet)

Affected versions

<= 1.4.365.2

Patched versions

1.4.365.10

Description

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.

References

Published by the National Vulnerability Database

Feb 16, 2021

Reviewed May 7, 2021

Published to the GitHub Advisory Database Nov 19, 2021

Last updated Jan 29, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N