Cryptographic issues in PLCNext AXC F 2152 - CVE-2018-7559

 


Published: June 6, 2019


Vulnerability identifier: #VU18692
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-7559
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Phoenix Contact GmbH
Affected software:
PLCNext AXC F 2152

Detailed vulnerability description

The vulnerability allows a remote attacker to decrypt passwords.

The vulnerability exists due to an error in the OPC UA server that allows an attacker to determine the server's private key. A remote attacker can send specially crafted UserIdentityTokens encrypted under the Basic128Rsa15 security policy as part of an oracle attack, and thereby decrypt passwords even when they were encrypted under another security policy such as Basic256Sha256.
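As an added example (not code from the advisory or from Phoenix Contact), the following Python audits a set of OPC UA endpoint descriptions for the condition described above: any place where Basic128Rsa15 is accepted, plus endpoints that use another policy but the same server certificate. The endpoint URLs, certificate labels and dict layout are constructed, and the code assumes the OPC UA Part 4 rule that an empty UserTokenPolicy securityPolicyUri inherits the endpoint's own policy.

```python
# Added example, not code from the advisory or from Phoenix Contact. It audits
# OPC UA endpoint descriptions (hand-constructed dicts mirroring the
# EndpointDescription / UserTokenPolicy fields of OPC UA Part 4) for places where
# the Basic128Rsa15 policy is accepted, since that is what the oracle attack needs.
RSA15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15"
B256SHA256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
B256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256"

def effective_token_policy(endpoint, token_policy):
    """Part 4: an empty securityPolicyUri on a UserTokenPolicy means the identity
    token is encrypted with the endpoint's own security policy."""
    return token_policy.get("securityPolicyUri") or endpoint["securityPolicyUri"]

def accepts_rsa15(endpoint):
    """True if the endpoint, or any user token policy it advertises, uses Basic128Rsa15."""
    if endpoint["securityPolicyUri"] == RSA15:
        return True
    return any(effective_token_policy(endpoint, tp) == RSA15
               for tp in endpoint.get("userIdentityTokens", []))

def audit_endpoints(endpoints):
    """Return (endpointUrl, policyUri, reason) findings.
    'direct' endpoints accept Basic128Rsa15 tokens themselves. 'shared-key'
    endpoints use another policy but the same server certificate, so passwords
    sent to them are exposed too: the oracle works on the RSA key, not the policy."""
    direct = [ep for ep in endpoints if accepts_rsa15(ep)]
    exposed_certs = {ep["serverCertificate"] for ep in direct}
    findings = [(ep["endpointUrl"], ep["securityPolicyUri"], "direct") for ep in direct]
    for ep in endpoints:
        if ep not in direct and ep["serverCertificate"] in exposed_certs:
            findings.append((ep["endpointUrl"], ep["securityPolicyUri"], "shared-key"))
    return findings

# Constructed sample: three endpoints of one hypothetical PLC, two sharing "cert-A".
SAMPLE_ENDPOINTS = [
    {"endpointUrl": "opc.tcp://plc.example:4840/rsa15", "securityPolicyUri": RSA15,
     "serverCertificate": "cert-A", "userIdentityTokens": [
         {"policyId": "user", "tokenType": "UserName", "securityPolicyUri": ""}]},
    {"endpointUrl": "opc.tcp://plc.example:4840/sha256", "securityPolicyUri": B256SHA256,
     "serverCertificate": "cert-A", "userIdentityTokens": [
         {"policyId": "user", "tokenType": "UserName", "securityPolicyUri": ""}]},
    {"endpointUrl": "opc.tcp://plc.example:4840/other", "securityPolicyUri": B256SHA256,
     "serverCertificate": "cert-B", "userIdentityTokens": [
         {"policyId": "user", "tokenType": "UserName", "securityPolicyUri": B256}]},
]

if __name__ == "__main__":
    for url, policy, reason in audit_endpoints(SAMPLE_ENDPOINTS):
        print(f"{reason:10} {url}  ({policy.rsplit('#', 1)[1]})")
```

The second endpoint is the case the advisory warns about: it only offers Basic256Sha256, yet it is flagged because its certificate is also served on an endpoint that accepts Basic128Rsa15.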

The vulnerability affects the following PLCNext AXC F 2152 products:
  • AXC F 2152: article number 2404267
  • AXC F 2152: article number 1046568 (Starterkit)

How to mitigate CVE-2018-7559

Install the updates from the vendor's website.

Sources