Description
Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf
Scores
CVSS v3
5.3
EPSS
0.0003
EPSS Percentile
10.0%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-295
Status
published
Products (3)
nuget/OPCFoundation.NetStandard.Opc.Ua
0 - 1.4.353.15NuGet
opcfoundation/ua-.net-legacy
1.03.342
opcfoundation/ua-.netstandard
1.4.353.15
Published
Oct 03, 2018
Tracked Since
Feb 18, 2026