The CVE-2025-XXXX vulnerability in the OPC UA .NET Standard Stack allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled. This security policy, though disabled by default, can be manually activated in certain configurations. When enabled, the vulnerability permits an attacker to exploit weak cryptographic mechanisms in the Basic128Rsa15 policy, leading to unauthorized access to the OPC UA server. The patch released in version 1.5.374.158 addresses this by closing all channels using Basic128Rsa15 if an attack is detected, introducing a Denial of Service (DoS) as a protective measure. This ensures that no compromise occurs, though it may disrupt services temporarily. Applications are advised to discontinue the use of Basic128Rsa15 to avoid such scenarios.
DailyCVE Form:
Platform: OPC UA .NET Standard Stack
Version: < 1.5.374.158
Vulnerability: Authentication Bypass
Severity: Moderate
Date: Mar 3, 2025
What Undercode Say:
Exploitation:
1. Attacker targets OPC UA servers with Basic128Rsa15 enabled.
2. Exploits weak cryptographic mechanisms to bypass authentication.
3. Gains unauthorized access to server resources.
Protection:
1. Update to patched version 1.5.374.158.
2. Disable Basic128Rsa15 security policy.
3. Use stronger security policies like Basic256Sha256.
Commands:
1. Check OPC UA server version:
Get-OPCUAVersion
2. Disable Basic128Rsa15:
Basic256Sha256
Code Snippet:
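var server = new OpcUaServer();
// Turn off the deprecated policy affected by this advisory.
server.SecurityPolicies.Disable("Basic128Rsa15");
// Keep a stronger policy available for clients.
server.SecurityPolicies.Enable("Basic256Sha256");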
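An added example, not taken from the advisory or from the OPC Foundation code base: a Python audit that lists the security policies enabled in a server configuration file and flags Basic128Rsa15. The embedded XML is a constructed sample modelled on the stack's `ServerSecurityPolicy` configuration layout, and the names `audit_policies`, `local`, `DEPRECATED` and `SAMPLE_CONFIG` are this example's own.

```python
import xml.etree.ElementTree as ET

DEPRECATED = {"Basic128Rsa15"}  # the policy this advisory concerns

# Constructed sample in the layout of a UA-.NETStandard server config file.
SAMPLE_CONFIG = """<ApplicationConfiguration xmlns="http://opcfoundation.org/UA/SDK/Configuration.xsd">
  <ServerConfiguration>
    <SecurityPolicies>
      <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</SecurityPolicyUri>
      </ServerSecurityPolicy>
      <ServerSecurityPolicy>
        <SecurityMode>Sign_2</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</SecurityPolicyUri>
      </ServerSecurityPolicy>
      <!-- <ServerSecurityPolicy>
        <SecurityMode>SignAndEncrypt_3</SecurityMode>
        <SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15</SecurityPolicyUri>
      </ServerSecurityPolicy> -->
    </SecurityPolicies>
  </ServerConfiguration>
</ApplicationConfiguration>
"""

def local(tag):
    """Strip the XML namespace so the audit works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_policies(xml_text):
    """Return (enabled, flagged): active policies as (mode, name) and the deprecated subset."""
    enabled = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "ServerSecurityPolicy":
            continue  # commented-out entries never reach here: the parser drops comments
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        name = fields.get("SecurityPolicyUri", "").rsplit("#", 1)[-1]
        enabled.append((fields.get("SecurityMode", ""), name))
    flagged = [p for p in enabled if p[1] in DEPRECATED]
    return enabled, flagged

if __name__ == "__main__":
    enabled, flagged = audit_policies(SAMPLE_CONFIG)
    for mode, name in enabled:
        print(f"{'REMOVE' if (mode, name) in flagged else 'ok    '} {name} ({mode})")
    raise SystemExit(1 if flagged else 0)  # non-zero exit lets a CI job fail the build
```

Policies that are only present inside XML comments are not reported, since they are not active in the configuration.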
Analytics:
- Affected systems: OPC UA servers using .NET Standard Stack.
- Risk level: Moderate, because the affected policy is disabled by default.
- Mitigation: Immediate update and policy adjustment.
Additional Notes:
- Monitor server logs for unusual authentication attempts.
- Regularly review and update security configurations.
- Conduct penetration testing to ensure no vulnerabilities remain.
References:
Reported By: https://github.com/advisories/GHSA-h958-fxgg-g7w3