CVE-2019-19135

Severity: 7.4 HIGH (CVSS v3 base score)

📋 TL;DR

OPC UA servers built on vulnerable versions of the OPCFoundation.NetStandard.Opc.Ua library generate random values with insufficient randomness. A man-in-the-middle attacker who captures the encrypted user credentials a client sends during session activation can replay them to the server and authenticate as that user, without ever recovering the password. The result is unauthorized access to the server and whatever the replayed account is allowed to read or write.

💻 Affected Systems

Products:
  • OPC Foundation OPC UA .NET Standard
Versions: before 1.4.359.31
Operating Systems: Any platform running .NET Standard (Windows, Linux, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects OPC UA servers using the vulnerable library version. Client applications are not directly affected.

📦 What is this software?

OPC UA .NET Standard is the OPC Foundation's open-source reference implementation of the OPC Unified Architecture (OPC UA) stack and SDK for .NET. It is published as the OPCFoundation.NetStandard.Opc.Ua NuGet packages and is used to build OPC UA servers and clients for industrial automation, so a vulnerable version is typically embedded inside a vendor's or integrator's server product rather than installed as a standalone application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain unauthorized access to OPC UA servers, potentially compromising industrial control systems, manipulating process data, or disrupting operations.

🟠 Likely Case

Replay of captured encrypted credentials, leading to unauthorized access to OPC UA server endpoints and exfiltration of process data.

🟢 If Mitigated

Limited impact due to network segmentation, prompt patching, and credential rotation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires a man-in-the-middle position on the path between an OPC UA client and the server, so the attacker can capture the encrypted credentials as they are sent and then replay them to the server. Exploitation therefore depends on getting onto the OPC UA network segment (or otherwise into the traffic path) and on a legitimate client authenticating while the attacker is listening.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.359.31 and later

Vendor Advisory: https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf

Restart Required: Yes

Instructions:

1. Update the OPCFoundation.NetStandard.Opc.Ua package to version 1.4.359.31 or later.
2. Rebuild and redeploy affected OPC UA server applications.
3. Restart OPC UA server services.

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Isolate OPC UA servers from untrusted networks so an attacker cannot get into the traffic path between clients and the server; without that position the captured credentials cannot be obtained.

Credential Rotation (applies to: all platforms)

Regularly rotate OPC UA user credentials to limit how long a captured credential stays replayable. Rotation does not stop a replay that happens within the rotation window, so treat it as a complement to segmentation, not a substitute.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit OPC UA traffic to trusted sources only.
  • Use certificate-based authentication instead of username/password credentials where possible.

🔍 How to Verify

Check if Vulnerable:

Check the version of OPCFoundation.NetStandard.Opc.Ua.dll in your OPC UA server application. Versions below 1.4.359.31 are vulnerable.

Check Version:

On Windows: (Get-Item "path\to\OPCFoundation.NetStandard.Opc.Ua.dll").VersionInfo.FileVersion

Verify Fix Applied:

Verify the OPCFoundation.NetStandard.Opc.Ua.dll file version is 1.4.359.31 or higher after update.
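Checking the DLL version works on a deployed server, but the same question can be answered earlier, at build time, by scanning the project files that pull the package in. The script below is an added example for this page, not OPC Foundation code: it walks .NET project files for references to OPCFoundation.NetStandard.Opc.Ua and compares each version numerically against 1.4.359.31. It assumes the standard NuGet forms (a PackageReference in a .csproj, with the version either as an attribute or a child element, and a package entry in packages.config); the project files it scans are constructed inline, and the version numbers in them are sample values, so it runs offline.

```python
"""Audit .NET project files for vulnerable OPCFoundation.NetStandard.Opc.Ua references.

Added example, not OPC Foundation code. Assumes the usual NuGet conventions:
<PackageReference Include="..." Version="..."/> (or a <Version> child) in *.csproj
and <package id="..." version="..."/> in packages.config.
"""
import xml.etree.ElementTree as ET

PACKAGE = "OPCFoundation.NetStandard.Opc.Ua"
FIXED = "1.4.359.31"  # first fixed release per the vendor advisory


def parse_version(text):
    """'1.4.359.31' (optionally with a '-prerelease' suffix) -> (1, 4, 359, 31).

    Comparing tuples of ints is numeric; comparing the raw strings is not
    ('1.4.1000.0' sorts before '1.4.359.31' as text but is newer).
    """
    core = text.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version):
    return parse_version(version) < parse_version(FIXED)


def referenced_versions(xml_text):
    """Every version of PACKAGE referenced in one csproj / packages.config body."""
    root = ET.fromstring(xml_text)
    found = []
    for el in root.iter():
        tag = el.tag.split("}")[-1]  # strip the namespace old-style csproj files carry
        if tag == "PackageReference" and el.get("Include", "").lower() == PACKAGE.lower():
            version = el.get("Version")
            if version is None:  # <PackageReference><Version>x</Version></PackageReference>
                child = next((c for c in el if c.tag.split("}")[-1] == "Version"), None)
                version = child.text if child is not None else None
            if version:
                found.append(version.strip())
        elif tag == "package" and el.get("id", "").lower() == PACKAGE.lower():
            if el.get("version"):
                found.append(el.get("version").strip())
    return found


def audit(files):
    """files: {name: xml_text}. Returns {name: [(version, vulnerable), ...]}."""
    return {name: [(v, is_vulnerable(v)) for v in referenced_versions(text)]
            for name, text in files.items()}


# Constructed sample project files (not taken from any real deployment).
SAMPLE_FILES = {
    "Server.csproj": """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua" Version="1.4.355.26" />
  </ItemGroup>
</Project>""",
    "Gateway.csproj": """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="OPCFoundation.NetStandard.Opc.Ua">
      <Version>1.4.359.31</Version>
    </PackageReference>
  </ItemGroup>
</Project>""",
    # Hypothetical later version: a string comparison would wrongly flag it.
    "packages.config": """<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="OPCFoundation.NetStandard.Opc.Ua" version="1.4.1000.0" targetFramework="net472" />
</packages>""",
}

if __name__ == "__main__":
    for name, refs in audit(SAMPLE_FILES).items():
        for version, vulnerable in refs:
            print(f"{name}: {PACKAGE} {version} -> {'VULNERABLE' if vulnerable else 'ok'}")
```

Point it at a real tree by reading each *.csproj and packages.config into the dictionary that audit() takes. Note that a fixed package reference is necessary but not sufficient: the deployed OPCFoundation.NetStandard.Opc.Ua.dll must also carry the new version, which is what the file-version check above confirms.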

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from same source
  • Unusual authentication patterns
  • OPC UA security audit log anomalies

Network Indicators:

  • OPC UA sessions established without message-level encryption (SecurityPolicy None or MessageSecurityMode None), which leave the encrypted user token as the only protection for the credentials on the wire
  • Signs of an attacker inserting themselves into the traffic path on segments carrying OPC UA (ARP spoofing, unexpected new hosts, duplicate IP or MAC addresses) on the OPC UA ports (TCP 4840 is the IANA-registered OPC UA port; 4841 is also commonly used)

SIEM Query:

source="opc-ua-server" AND (event_type="authentication_failure" OR event_type="security_violation")
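The query above is the shape of the search; what a detection actually keys on is the pattern behind the indicators. The script below is an added example for this page, not part of any OPC UA product, the library, or a SIEM, and the log format it parses is an assumption (one line per authentication attempt: ISO timestamp, src=, user=, result=). It runs two checks over constructed sample lines: a burst of failed authentications from one source within a sliding window, which is the first log indicator above, and the same user authenticating successfully from two different sources within a short window, which goes beyond the list above but is what a replayed credential looks like from the server's side (the attacker's host is not the legitimate client's).

```python
"""Detection logic for the log indicators above, run over constructed sample lines.

Added example, not part of any OPC UA product or SIEM. Assumed log format:
'<ISO time>Z src=<ip> user=<name> result=<success|failure>' per attempt.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>success|failure)$"
)


def parse(lines):
    """Parse log lines into sorted (time, src, user, result) tuples; skip non-matching lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return sorted(events)


def failed_auth_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` failures inside any sliding `window`.
    Returns {src: largest failure count seen in one window}."""
    by_src = defaultdict(list)
    for ts, src, _user, result in events:
        if result == "failure":
            by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def credential_reuse(events, window=timedelta(minutes=10)):
    """Users who authenticated successfully from more than one source within `window`.
    Returns {user: sorted list of sources involved}."""
    by_user = defaultdict(list)
    for ts, src, user, result in events:
        if result == "success":
            by_user[user].append((ts, src))
    flagged = {}
    for user, items in by_user.items():
        for i, (t1, s1) in enumerate(items):
            for t2, s2 in items[i + 1:]:
                if t2 - t1 <= window and s1 != s2:
                    flagged.setdefault(user, set()).update({s1, s2})
    return {user: sorted(srcs) for user, srcs in flagged.items()}


# Constructed sample log: 10.0.0.99 replays 'operator' seconds after the real
# client at 10.0.0.5 logs in, then guesses at other accounts.
SAMPLE_LOG = """\
2019-11-20T10:00:01Z src=10.0.0.5 user=operator result=success
2019-11-20T10:00:30Z src=10.0.0.99 user=operator result=success
2019-11-20T10:01:00Z src=10.0.0.7 user=engineer result=success
2019-11-20T10:02:00Z src=10.0.0.99 user=engineer result=failure
2019-11-20T10:02:10Z src=10.0.0.99 user=engineer result=failure
2019-11-20T10:02:20Z src=10.0.0.99 user=engineer result=failure
2019-11-20T10:02:30Z src=10.0.0.99 user=admin result=failure
2019-11-20T10:02:40Z src=10.0.0.99 user=admin result=failure
2019-11-20T10:30:00Z src=10.0.0.7 user=engineer result=success
this line is not in the expected format and is skipped
"""

if __name__ == "__main__":
    events = parse(SAMPLE_LOG.splitlines())
    print("failed-auth bursts:", failed_auth_bursts(events))
    print("credential reuse:  ", credential_reuse(events))
```

The thresholds and windows are starting points, not tuned values; on a plant network where one account is legitimately shared by several HMIs, the credential-reuse check needs an allow-list of expected sources or it will alert constantly.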

🔗 References

  • OPC Foundation Security Bulletin CVE-2019-19135: https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2019-19135
