CVE-2018-12087

{"id": "CVE-2018-12087", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 0.9}]}, "published": "2018-10-03T18:29:00.243", "references": [{"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords."}, {"lang": "es", "value": "El error a la hora de validar certificados en OPC Foundation UA Client Applications que se comunican sin seguridad permite que los atacantes con control sobre una parte de la infraestructura de red descifren contrase\u00f1as."}], "lastModified": "2024-11-21T03:44:34.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opcfoundation:ua-.net-legacy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B36749DC-5F30-43A8-B8F9-E7EC6DB98BA9", "versionStartIncluding": "1.03.342"}, {"criteria": "cpe:2.3:a:opcfoundation:ua-.netstandard:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3127B627-B197-42B9-AF21-5ED245AF43C8", "versionStartIncluding": "1.4.353.15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}