CVE Details for CVE: CVE-2018-12086
Summary
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
| Timestamps | |
|---|---|
| Last major update | 24-08-2020 - 17:37 |
| Published | 14-09-2018 - 21:29 |
| Last modified | 24-08-2020 - 17:37 |
References
- https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf
- http://www.securityfocus.com/bid/105538
- http://www.securitytracker.com/id/1041909
- https://www.debian.org/security/2018/dsa-4359
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
Vulnerable Configurations
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.02.337.8:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-java:1.02.337.8:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.340.0:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.340.0:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.342.0:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-java:1.03.342.0:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-java:1.3.343:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-java:1.3.343:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.02.336:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.02.336:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.340:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.340:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.341:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.341:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.342:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture-.net-legacy:1.03.342:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_ansic:1.03.340:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_ansic:1.03.340:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350.6:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.350.6:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.351.7:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.351.7:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.10:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.10:*:*:*:*:*:*:*
-
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.12:*:*:*:*:*:*:*
cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:1.03.352.12:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CWE
CVSS
Base
5.0
Impact
2.9
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | PARTIAL |
CVSS3
Base
7.5
Impact
3.6
Exploitability
3.9
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | UNCHANGED | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | HIGH |
VIA4 references
cvss-vector
via4
cvss3-vector
via4
refmap
via4
| bid | 105538 |
| confirm | https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf |
| debian | DSA-4359 |
| sectrack | 1041909 |
| suse | openSUSE-SU-2020:0362 |