CVE-2019-19135

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19135

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19135.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-19135

Aliases

GHSA-pq4w-qm9g-qx68

Published

2020-03-16T16:15:11Z

Modified

2024-10-12T04:42:51.638834Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network.

References

Affected packages

Git / github.com/opcfoundation/ua-.netstandard

Affected ranges

Type: GIT
Repo: https://github.com/opcfoundation/ua-.netstandard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3e640bf70205915eb179b4f05a86c97c029c4193

Affected versions

1.*

1.03.350

1.03.350.6

1.03.351.7

1.03.352.10

1.04.353.15

1.04.354.21

1.04.354.23

1.4.355.26

1.4.356.27

1.4.357.28

1.4.358.30