GCVE - cpe:2.3:a:opcfoundation:ua-.net-legacy:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:opcfoundation:ua-.net-legacy:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Opcfoundation (`41e23661-53d2-5c84-825f-c0671d15a20c`)
Product	Ua .Net Legacy (`0f25c462-9150-542c-bb28-a506355d1d91`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/opcfoundation/ua-.net-legacy`	purl2cpe	2026-06-01 10:12:21.082588

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-7559`	vulnerable	2026-06-08 05:12:03.865698	Details available An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. Published: 2018-06-13T18:00:00.000Z Updated: 2024-08-05T06:31:04.545Z Open on db.gcve.eu Reference links https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-7559.pdf https://github.com/OPCFoundation/UA-.NETStandard/commit/ebcf026a54dd0c9052cff009d96d827ac923d150 https://github.com/OPCFoundation/UA-.NET-Legacy/commit/e2a781b38efb8686d2bd850c2f2372b5c670bc45 http://www.securityfocus.com/bid/108688	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12585`	vulnerable	2026-06-08 05:10:41.791173	Details available An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service. Published: 2018-09-14T21:00:00.000Z Updated: 2024-08-05T08:38:06.330Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/105538 https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12585.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-12087`	vulnerable	2026-06-08 05:10:39.812022	Details available Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. Published: 2018-10-03T18:00:00.000Z Updated: 2024-08-05T08:24:03.775Z Open on db.gcve.eu Reference links https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12087.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.