Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 29 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Opcfoundation
Opcfoundation ua .net Standard Stack
CPEs cpe:2.3:a:opcfoundation:ua_.net_standard_stack:*:*:*:*:*:*:*:*
Vendors & Products Opcfoundation
Opcfoundation ua .net Standard Stack

Tue, 11 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 10 Feb 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639

Mon, 10 Feb 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-208

Mon, 10 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-639
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 10 Feb 2025 18:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-02-11T15:11:37.776Z

Reserved: 2024-08-02T00:00:00.000Z

Link: CVE-2024-42512

cve-icon Vulnrichment

Updated: 2025-02-10T20:38:02.744Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-10T19:15:37.910

Modified: 2025-09-29T18:13:38.653

Link: CVE-2024-42512

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.