4.4

CVE-2020-29457

A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpcfoundationUa-.Netstandard Version < 1.4.365.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.226
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://github.com/OPCFoundation/UA-.NETStandard
Third Party Advisory
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf
Patch
Vendor Advisory
https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua/
Third Party Advisory
Product