Vulnerability Details CVE-2018-12086
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.284
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/105538
- http://www.securitytracker.com/id/1041909
- https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
- https://www.debian.org/security/2018/dsa-4359
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- http://www.securityfocus.com/bid/105538
- http://www.securitytracker.com/id/1041909
- https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
- https://www.debian.org/security/2018/dsa-4359
Products affected by CVE-2018-12086
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.02.336
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.340
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.341
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.342
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.02.337.8
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.340.0
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.342.0
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.3.343
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350.6
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.351.7
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.10
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.12
-
cpe:2.3:a:opcfoundation:unified_architecture_ansic:1.03.340
-
cpe:2.3:o:debian:debian_linux:9.0