ID CVE-2018-12086
Summary Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
References
Vulnerable Configurations
  • cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.02.336:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.02.336:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.340:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.340:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.341:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.341:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.342:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.342:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-java:1.02.337.8:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-java:1.02.337.8:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.340.0:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.340.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.342.0:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.342.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture-java:1.3.343:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture-java:1.3.343:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350.6:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350.6:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.351.7:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.351.7:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.10:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.12:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opcfoundation:unified_architecture_ansic:1.03.340:*:*:*:*:*:*:*
    cpe:2.3:a:opcfoundation:unified_architecture_ansic:1.03.340:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 105538
confirm https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
debian DSA-4359
sectrack 1041909
suse openSUSE-SU-2020:0362
Last major update 24-08-2020 - 17:37
Published 14-09-2018 - 21:29
Last modified 24-08-2020 - 17:37
Back to Top