GHSA-7wwr-h8cm-9jf7: Duplicate Advisory: Authentication Bypass by Spoofing in OPC UA .NET Standard Stack

February 10, 2025 (updated March 3, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-4rcc-7pg7-f57f. This link is maintained to preserve external references.

Original Description

Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

References

files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42513.pdf
github.com/OPCFoundation/UA-.NETStandard
github.com/OPCFoundation/UA-.NETStandard/tree/1.5.374.158
github.com/advisories/GHSA-7wwr-h8cm-9jf7
nvd.nist.gov/vuln/detail/CVE-2024-42513

Code Behaviors & Features

Detect and mitigate GHSA-7wwr-h8cm-9jf7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →