GHSA-qv5f-57gw-vx3h: Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack

CVSS Score (v3.1): 8.6

Basic Information

CVE ID: -
EPSS Score: -
Published: 2/10/2025
Updated: 3/3/2025
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Package Name: OPCFoundation.NetStandard.Opc.Ua
Ecosystem: nuget
Vulnerable Versions: < 1.5.374.158
First Patched Version: 1.5.374.158

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from the use of the deprecated Basic128Rsa15 security policy, which relies on RSA PKCS#1 v1.5 padding. This padding scheme is known to have timing side-channels (CWE-208) and weak key validation (CWE-639). The functions responsible for selecting the security policy (e.g., GetSecurityPolicy) and for performing RSA decryption (e.g., RsaUtils.Decrypt) are the likely vulnerable components. Confidence is medium because the exact code is unavailable, but the CWEs and the vulnerability context strongly point to these components.
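The mitigation a defender applies to the root cause above, alongside updating the package, is to stop offering Basic128Rsa15 on the server at all. The following C# is an added example, not code from Miggo or from the OPC Foundation stack; it assumes the public Opc.Ua types ApplicationConfiguration, ServerConfiguration, ServerSecurityPolicy, ServerSecurityPolicyCollection, MessageSecurityMode and the SecurityPolicies URI constants from the OPCFoundation.NetStandard.Opc.Ua package, and the allow-list of policies it keeps is the example's own choice, not a list taken from the advisory.

```csharp
// Added example (not from the Miggo page or the OPC Foundation project): audit an
// OPC UA .NET Standard Stack server configuration for the deprecated Basic128Rsa15
// policy named in the advisory and rewrite the policy list so only modern policies
// with SignAndEncrypt remain. Assumes the Opc.Ua namespace from the
// OPCFoundation.NetStandard.Opc.Ua NuGet package.
using System;
using System.Collections.Generic;
using System.Linq;
using Opc.Ua;

public static class SecurityPolicyAudit
{
    // Allow-list chosen for this example: SHA-256 based policies with RSA-OAEP or
    // RSA-PSS key transport. Basic128Rsa15 (PKCS#1 v1.5) and Basic256 (SHA-1) are
    // deliberately absent.
    public static readonly HashSet<string> Allowed = new HashSet<string>
    {
        SecurityPolicies.Basic256Sha256,
        SecurityPolicies.Aes128_Sha256_RsaOaep,
        SecurityPolicies.Aes256_Sha256_RsaPss,
    };

    // Returns a description of every policy entry a hardened server should not offer:
    // the deprecated Basic128Rsa15 policy, anything outside the allow-list, and any
    // entry whose mode is weaker than SignAndEncrypt.
    public static IList<string> FindWeakPolicies(ServerSecurityPolicyCollection policies)
    {
        var weak = new List<string>();
        foreach (ServerSecurityPolicy p in policies)
        {
            bool legacy = p.SecurityPolicyUri == SecurityPolicies.Basic128Rsa15
                          || !Allowed.Contains(p.SecurityPolicyUri);
            bool notEncrypted = p.SecurityMode != MessageSecurityMode.SignAndEncrypt;
            if (legacy || notEncrypted)
                weak.Add($"{p.SecurityPolicyUri} ({p.SecurityMode})");
        }
        return weak;
    }

    // Rewrites the server's policy list in place, keeping only allow-listed policies
    // in SignAndEncrypt mode. Returns the number of entries removed.
    public static int Harden(ApplicationConfiguration config)
    {
        ServerSecurityPolicyCollection policies = config.ServerConfiguration.SecurityPolicies;
        List<ServerSecurityPolicy> kept = policies
            .Where(p => Allowed.Contains(p.SecurityPolicyUri)
                        && p.SecurityMode == MessageSecurityMode.SignAndEncrypt)
            .ToList();
        int removed = policies.Count - kept.Count;
        policies.Clear();
        policies.AddRange(kept);
        return removed;
    }

    public static void Main()
    {
        // Constructed "before" configuration: the weak legacy policy offered next to a
        // modern one, which is the situation the advisory describes.
        var config = new ApplicationConfiguration
        {
            ServerConfiguration = new ServerConfiguration
            {
                SecurityPolicies = new ServerSecurityPolicyCollection
                {
                    new ServerSecurityPolicy
                    {
                        SecurityMode = MessageSecurityMode.SignAndEncrypt,
                        SecurityPolicyUri = SecurityPolicies.Basic128Rsa15,
                    },
                    new ServerSecurityPolicy
                    {
                        SecurityMode = MessageSecurityMode.SignAndEncrypt,
                        SecurityPolicyUri = SecurityPolicies.Basic256Sha256,
                    },
                }
            }
        };

        foreach (string w in FindWeakPolicies(config.ServerConfiguration.SecurityPolicies))
            Console.WriteLine("weak policy offered: " + w);

        int removed = Harden(config);
        Console.WriteLine($"removed {removed} legacy policy entr(ies); remaining: "
            + string.Join(", ", config.ServerConfiguration.SecurityPolicies
                .Select(p => p.SecurityPolicyUri)));
    }
}
```

Run the audit against the ApplicationConfiguration loaded from the server's XML configuration file before the server starts; a non-empty result from FindWeakPolicies is the signal that the endpoint still advertises the deprecated policy, and Harden removes it so clients cannot negotiate it even if the stack version has not yet been raised to the first patched version listed above.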



Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-****-*x**-**w*. This link is maintained to preserve external references.

Original Description

Vulnerability in the OPC UA .NET Standard Stack before *.*.***.
