Description
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.
Published: 2026-06-09
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The S2OPC library performs a certificate revocation check but only evaluates the first matching Certificate Revocation List (CRL) it encounters. If multiple CRLs exist for the same Certificate Authority (CA), the remainder are disregarded, allowing a connection to be established with a certificate that has been revoked. This flaw enables an attacker to bypass authentication by presenting a revoked certificate, potentially gaining unauthorized access to OPC UA servers and compromising confidentiality and integrity of the communication.
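The following is an added illustration, not S2OPC or CycloneCrypto code, of the two lookup patterns the description contrasts. It models a CRL as a constructed struct (issuer name plus revoked serial numbers; the `crl_t` type, the function names and the sample CA name are all hypothetical) and shows a revocation check that stops at the first CRL whose issuer matches beside one that consults every CRL of that issuer. With two CRLs from the same CA, each listing a different serial, only the second pattern reports the serial listed in the later CRL as revoked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a CRL for this example: the issuing CA's name and
 * the serial numbers it revokes. Hypothetical type, not a library API. */
#define MAX_REVOKED 8

typedef struct {
    const char *issuer;
    unsigned long revoked[MAX_REVOKED];
    size_t revoked_count;
} crl_t;

/* True if this single CRL lists the given serial number. */
static bool crl_lists_serial(const crl_t *crl, unsigned long serial) {
    for (size_t i = 0; i < crl->revoked_count; i++) {
        if (crl->revoked[i] == serial) return true;
    }
    return false;
}

/* Flawed pattern: the answer comes from the first CRL whose issuer matches,
 * so any later CRL from the same CA is never consulted. */
bool is_revoked_first_match(const char *issuer, unsigned long serial,
                            const crl_t *crls, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(crls[i].issuer, issuer) == 0) {
            return crl_lists_serial(&crls[i], serial); /* stops after one CRL */
        }
    }
    return false; /* no CRL for this issuer: policy decision left to the caller */
}

/* Corrected pattern: every CRL issued by the certificate's CA is consulted;
 * the certificate is revoked if any of them lists its serial. */
bool is_revoked_all_crls(const char *issuer, unsigned long serial,
                         const crl_t *crls, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(crls[i].issuer, issuer) == 0 &&
            crl_lists_serial(&crls[i], serial)) {
            return true;
        }
    }
    return false; /* no matching CRL lists the serial */
}

/* Constructed sample: two CRLs from the same CA, each revoking one serial. */
static const char *SAMPLE_CA = "CN=Example OPC UA CA";
static const crl_t SAMPLE_CRLS[] = {
    { "CN=Example OPC UA CA", { 0x1001 }, 1 },
    { "CN=Example OPC UA CA", { 0x2002 }, 1 },
};
#define SAMPLE_CRL_COUNT (sizeof SAMPLE_CRLS / sizeof SAMPLE_CRLS[0])

/* Wrappers over the constructed sample so results can be checked by name. */
bool sample_first_match(unsigned long serial) {
    return is_revoked_first_match(SAMPLE_CA, serial, SAMPLE_CRLS, SAMPLE_CRL_COUNT);
}

bool sample_all_crls(unsigned long serial) {
    return is_revoked_all_crls(SAMPLE_CA, serial, SAMPLE_CRLS, SAMPLE_CRL_COUNT);
}

int main(void) {
    unsigned long serials[] = { 0x1001, 0x2002, 0x3003 };
    for (size_t i = 0; i < sizeof serials / sizeof serials[0]; i++) {
        printf("serial 0x%lx: first-match says %s, all-CRLs says %s\n",
               serials[i],
               sample_first_match(serials[i]) ? "revoked" : "valid",
               sample_all_crls(serials[i]) ? "revoked" : "valid");
    }
    return 0;
}
```

Serial 0x2002 is the case the description is about: it appears only in the second CRL, so the first-match check accepts it while the all-CRLs check rejects it. Both functions return "not revoked" when no CRL for the issuer exists at all; a real validator decides that case according to its own policy, which this example deliberately leaves to the caller.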

Affected Systems

Systerel S2OPC library for all versions before commit 3ff81301d95a77260e9deb791585a620c5623028 and before release 1.7.2

Risk and Exploitability

The moderate CVSS rating indicates that, while the flaw does not provide immediate remote code execution, it allows attackers to connect using revoked certificates, which can be leveraged to impersonate legitimate clients or tamper with OPC UA communication. The absence of an EPSS score limits precise assessment, but the flaw is not publicly reported as exploited and is not in the KEV catalog, and an attacker would need to hold a revoked certificate or manipulate CRL distribution to succeed. Because the vulnerability is purely a validation bypass, it is more likely to be used by insiders or network-adjacent attackers who can present certificates than by remote attackers over the public internet; mitigation relies on applying the vendor-supplied patch or on configuration changes that ensure all CRLs of a CA are processed.

Generated by OpenCVE AI on June 9, 2026 at 09:50 UTC.

Remediation

Vendor Solution

Use the MbedTLS cryptographic wrapper, or upgrade S2OPC to commit 3ff81301d95a77260e9deb791585a620c5623028 or to a release version > 1.7.2


OpenCVE Recommended Actions

  • Upgrade S2OPC to commit 3ff81301d95a77260e9deb791585a620c5623028 or any release newer than 1.7.2
  • Switch to the MbedTLS cryptographic wrapper as an alternative solution
  • Configure the application to enforce processing of all valid CRLs for the relevant certificate authority

Generated by OpenCVE AI on June 9, 2026 at 09:50 UTC.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type      Values Removed   Values Added
Metrics   (none)           ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 10:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared   (none)           Systerel; Systerel s2opc
Vendors & Products    (none)           Systerel; Systerel s2opc

Tue, 09 Jun 2026 08:45:00 +0000

Type          Values Removed   Values Added
Description   (none)           Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connection between an OPC UA client and server using a revoked certificate.
Title         (none)           Improper Check for Certificate Revocation in S2OPC
Weaknesses    (none)           CWE-299
References    (none)
Metrics       (none)           cvssV3_1: {'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-06-09T14:25:59.888Z

Reserved: 2026-04-23T07:01:03.918Z

Link: CVE-2026-6899

Vulnrichment

Updated: 2026-06-09T14:25:52.844Z

NVD

Status : Deferred

Published: 2026-06-09T09:16:30.737

Modified: 2026-06-09T15:25:56.860

Link: CVE-2026-6899

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T10:00:07Z

Weaknesses