exploitDog

CVE-2020-29457

Опубликовано: 16 фев. 2021

Источник: nvd

CVSS3: 4.4

CVSS2: 2.1

EPSS Низкий

Описание

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.

Ссылки

https://github.com/OPCFoundation/UA-.NETStandard
Third Party Advisory
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf
Patch
Vendor Advisory
https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/
Product
Third Party Advisory
https://github.com/OPCFoundation/UA-.NETStandard
Third Party Advisory
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf
Patch
Vendor Advisory
https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opcfoundation:ua-.netstandard:*:*:*:*:*:*:*:*

Версия до 1.4.365.10 (исключая)

EPSS

Процентиль: 33%

0.00132

Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-mjww-934m-h4jw

CVSS3: 4.4

github

около 4 лет назад

Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core

EPSS

Процентиль: 33%

0.00132

Низкий

4.4 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-295